Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MitchK
New Contributor

Rules necessary both ways?

We want to filter our certain web sites with our Fortigate, preventing internal machines from reaching these sites. Must we have outgoing and incoming rules? It would seem that we would only need outgoing rules. However, in a typical firewall if you have no rules there is an implicit " deny all" rule. From what I read, Fortigate is the same way. So, must I have an explicit " allow all" rule for incoming, and then all my filtering profiles go in outgoing rules? Or can I get by with no incoming rules at all?
Mitch Fortigate-300A 4.00 (MR3 Patch5) Fortigate-200B 4.00 (MR3 Patch5) Fortigate-50B 4.00 (MR3 Patch6) FortiAnalyzer 100C (MR3 Patch1)
Mitch Fortigate-300A 4.00 (MR3 Patch5) Fortigate-200B 4.00 (MR3 Patch5) Fortigate-50B 4.00 (MR3 Patch6) FortiAnalyzer 100C (MR3 Patch1)
2 REPLIES 2
RickP
New Contributor

If your network is made up of internal users connecting to external resources, no incoming rules are required. It' s true that a session with a web site (for example) is a two-way communication, but your users always initiate the session. The FortiGate unit keeps track of these allowed sessions and permits the connection recipient to send data back to your users, in response to their initial communication. The only time you need an incoming policy is if you want to allow an external user to *initiate* a session with an internal resource.
MitchK
New Contributor

Thanks Rick, much appreciated.
Mitch Fortigate-300A 4.00 (MR3 Patch5) Fortigate-200B 4.00 (MR3 Patch5) Fortigate-50B 4.00 (MR3 Patch6) FortiAnalyzer 100C (MR3 Patch1)
Mitch Fortigate-300A 4.00 (MR3 Patch5) Fortigate-200B 4.00 (MR3 Patch5) Fortigate-50B 4.00 (MR3 Patch6) FortiAnalyzer 100C (MR3 Patch1)
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors