Not applicable

Special Request

Dear All,

I have here my Fortigate 800F configured as NAT. All of my users are configured to connect to the Fortigate as their default gateway to access the Internet. I have the following rules created on the Fortigate:

=======================================================================
A. Route

#   IP        Mask      Gateway          Device  Distance
1   0.0.0.0   0.0.0.0   213.255.237.113  port2   10

=======================================================================
B. Firewall Policy

From port1 -> port2:

ID  Source  Dest  Schedule  Service   Action  Enable
1   all     all   always    ANY       ACCEPT  Yes

From port2 -> port1:

ID  Source  Dest  Schedule  Service   Action  Enable
2   all     all   always    Incoming  ACCEPT  Yes

=======================================================================
C. The configuration of the Fortigate ports is as follows:

port1  192.168.1.100 / 255.255.255.0
port2  213.255.237.116 / 255.255.255.248

I am using only port1 and port2. Here is the complete information regarding the ports:

internal  190.168.1.99     255.255.255.0    HTTPS,PING
external  190.168.100.99   255.255.255.0    PING
dmz       10.10.10.1       255.255.255.0    HTTPS,PING
ha        10.10.20.1       255.255.255.0    HTTPS,PING
port1     192.168.1.100    255.255.255.0    HTTPS,PING
port2     213.255.237.116  255.255.255.248
port3                                       HTTPS,PING
port4                                       HTTPS,PING

=======================================================================
Now I have 2 questions and I want your help, please.

1- As you can see, all of my users are able to access the Internet without any problem and without any restrictions at all. Because of that, I want to see if I can do the following on the Fortigate: I want to create a rule ("Firewall Policy") to open only the SMTP and POP3 ports, for sending and receiving e-mails only, for a group of users whose IP addresses are in the range 192.168.1.20-192.168.1.25, and to disable Internet browsing completely (HTTP & HTTPS) for that group of users. So, can you please guide me on how to do that?
2- I have here another network segment, starting with the IP address 10.1.8.X / 24. I want to configure this network to connect to the same Fortigate unit, but with a different IP address as default gateway. For example, my users here in the Head Office are configured to use the Fortigate as default gateway (192.168.1.100) and they are able to access the Internet. I want to create / configure another port on the Fortigate with the IP address 10.1.8.100, and the users on the network 10.1.8.X will connect to the Fortigate as their default gateway, but with this IP, 10.1.8.100. So, can I do this? If so, please tell me how I can do it.
RickP
New Contributor

ORIGINAL: rolamohammed so, can i make this? if so, please tell me how can i do it.
rolamohammed, I'm going to say this as politely as possible. *Don't* crosspost the same message to multiple forums. I understand you're trying to get the most people to see it, but as soon as readers see the same message blasted across a half-dozen forums (especially where it doesn't belong, like VPN and Content Management), they're far *less* likely to want to help you.
Not applicable

Hi. First thing, please take what RickP wrote to you very seriously. Second, this time I will help you, but please don't do this again.

Now, I don't understand why you have a rule from port2 > port1 if you have NAT on the rule port1 > port2. Take off that rule.

What you would need to do is create an address group for the clients you want to give mail only, and create a rule for them allowing only the wanted protocols. After that rule, put a deny rule on that group. After the deny rule, put the rule for the rest of your network.

For the second question: you have many empty interfaces. Connect your 10.x.x.x segment to one of the empty ports and give it the address 10.x.x.100, then put a rule from that interface > internet and allow the protocols you want.

Enjoy.
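The rule order suggested in the reply above matters because FortiGate policies are checked top-down and the first match is applied. The following is an added example, not part of the original thread and not FortiOS syntax: it models that order as a first-match lookup, and the policy names, the `evaluate` and `shadowed` helpers, and the port numbers (25/110 for SMTP/POP3, 80/443 for HTTP/HTTPS) are assumptions for illustration.

```python
import ipaddress

ip = ipaddress.ip_address
# Constructed model of the port1 -> port2 policy list, using the thread's addresses.
MAIL_ONLY = (ip("192.168.1.20"), ip("192.168.1.25"))   # mail-only user group
LAN = (ip("192.168.1.1"), ip("192.168.1.254"))         # rest of the port1 subnet
SMTP, POP3, HTTP, HTTPS = 25, 110, 80, 443
ANY = None  # wildcard in the service column

# Order recommended in the reply: allow mail, deny the group, then everyone else.
RECOMMENDED = [
    ("mail-allow", MAIL_ONLY, {SMTP, POP3}, "ACCEPT"),
    ("mail-deny",  MAIL_ONLY, ANY,          "DENY"),
    ("lan-allow",  LAN,       ANY,          "ACCEPT"),
]
# Same rules with the broad allow left on top (the misordering to avoid).
MISORDERED = [RECOMMENDED[2], RECOMMENDED[0], RECOMMENDED[1]]

def evaluate(policies, src, dport):
    """Return (policy name, action) of the first policy matching the flow."""
    addr = ip(src)
    for name, (lo, hi), services, action in policies:
        if lo <= addr <= hi and (services is ANY or dport in services):
            return name, action
    return "implicit", "DENY"  # nothing matched: traffic is dropped

def shadowed(policies):
    """Names of policies that can never match because an earlier policy
    covers the same or a wider source range for all of their services."""
    hidden = []
    for i, (name, (lo, hi), services, _) in enumerate(policies):
        for _, (plo, phi), pserv, _ in policies[:i]:
            covers_src = plo <= lo and hi <= phi
            covers_svc = pserv is ANY or (services is not ANY and services <= pserv)
            if covers_src and covers_svc:
                hidden.append(name)
                break
    return hidden

if __name__ == "__main__":
    for label, table in (("recommended", RECOMMENDED), ("misordered", MISORDERED)):
        print(label, evaluate(table, "192.168.1.22", HTTP), "shadowed:", shadowed(table))
```

A source on the 10.1.8.X segment matches none of these policies and falls through to the implicit deny, which is why the reply calls for a separate rule from the new interface to the Internet.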