Dear All, I have here my Fortigate 800F configured as NAT. All of my users are configured to connect to the Fortigate as their default gateway to access the Internet. I have the following rules created on the Fortigate:

=======================================================================
A. Route.

#   IP   Mask   Gateway   Device   Distance
1                         port2    10
======================================================================
B. Firewall Policy

From port1 -> port2:
ID   Source   Dest   Schedule   Service    Action   Enable
1    all      all    always     ANY        ACCEPT   Yes

From port2 -> port1:
2    all      all    always     Incoming   ACCEPT   Yes
========================================================================
C. The configuration of the Fortigate ports is as follows: port1 / port2 / and I am using only Port 1 & 2. Here is the complete information regarding the ports (administrative access):

internal   HTTPS,PING
external   PING
dmz        HTTPS,PING
ha         HTTPS,PING
port1      HTTPS,PING
port2
port3      HTTPS,PING
port4      HTTPS,PING
========================================================================

Now I have 2 questions and I want your help please.

1- As you can see, all of my users are able to access the Internet without any problem and without any restrictions at all. Because of that I want to see if I can do the following on the Fortigate: I want to create a rule (firewall policy) to open only the ports SMTP & POP3, for sending and receiving e-mail, for a group of users whose IP addresses start from , and disable Internet browsing (HTTP & HTTPS) completely for that group of users. So, can you please guide me on how to do that?

2- I have here another network segment starting with the IP address 10.1.8.X / 24. I want to configure this network to connect to the same Fortigate unit but with a different IP address as default gateway. For example, my users here in the Head Office are configured to use the Fortigate as default gateway ( ) and they are able to access the Internet.
I want to create / configure another port on the Fortigate to be in this IP address, and the users on the 10.1.8.X network will connect to the Fortigate as their default gateway but with this IP. So, can I do this? If so, please tell me how I can do it.
ORIGINAL: rolamohammed so, can i make this? if so, please tell me how can i do it.
rolamohammed, I'm going to say this as politely as possible. *Don't* crosspost the same message to multiple forums. I understand you're trying to get the most people to see it, but as soon as readers see the same message blasted across a half-dozen forums (especially where it doesn't belong, like VPN and Content Management), they're far *less* likely to want to help you.
Hi. First thing, please take very seriously what RickP wrote to you. Second, this time I will help you, but please don't do this again.

Now... I don't understand why you have a rule from port2 > port1 when you have NAT on the rule port1 > port2; take off that rule.

What you would need to do is create an address group for the clients you want to give mail only, create a rule for them allowing only the wanted protocols, and after that rule put a deny rule on that group. After the deny rule, put the rule for the rest of your network.

For the second question: you have many empty interfaces. Connect your 10.x.x.x segment to one of the empty ports and give it the address 10.x.x.100, then put a rule from that interface > internet and allow the protocols you want.

Enjoy.
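The steps in the reply above written out as FortiOS CLI configuration; this is an added example, not part of the original thread or of any Fortinet documentation. Assumptions: the mail-only users live in 10.1.1.0/24 (the original post leaves the range blank), port3 is the unused interface chosen for the 10.1.8.0/24 segment, and policy 1 is the existing port1 -> port2 catch-all shown in the post.

```fortios
# Address object for the mail-only users (10.1.1.0/24 is a constructed placeholder;
# wrap several objects in a "config firewall addrgrp" if the users span more ranges).
config firewall address
    edit "mail-only-hosts"
        set subnet 10.1.1.0 255.255.255.0
    next
end
# Order matters: allow SMTP/POP3 for the group, then deny the group everything else
# (HTTP/HTTPS included), then the existing catch-all policy 1 for everyone else.
config firewall policy
    edit 10
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "mail-only-hosts"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "SMTP" "POP3"
        set nat enable
    next
    edit 11
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "mail-only-hosts"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    move 10 before 1
    move 11 before 1
end
# Second question: put 10.1.8.0/24 on a free interface (port3 assumed unused), gateway .100.
config system interface
    edit "port3"
        set ip 10.1.8.100 255.255.255.0
    next
end
config firewall policy
    edit 12
        set srcintf "port3"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS" "SMTP" "POP3"
        set nat enable
    next
end
```

After applying, confirm the sequence with `show firewall policy` (policies 10 and 11 must sit above policy 1) and watch the logged denies from policy 11 to see which hosts in the group still try to browse.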
