Website Permission
Greetings. 4 users are banned from the internet. But we want these users to access a local website. What should I do? Waiting for your help.
Labels: FortiGate
Good day @BaranS ,
Do you mean the local sites which are hosted behind the LAN or DMZ? If yes, then create a LAN-to-WAN policy, add those users' IPs as the source, and set the action to deny. Furthermore, add another policy above it from LAN to DMZ and allow those IPs with the respective services.
Created on 07-26-2024 06:00 AM Edited on 07-26-2024 06:07 AM
Yes, it's a LAN-based website. It has an IP address and we translated it into a name with DNS. Do I need to add it as an address?
Hello BaranS,
You can add the website as an IP address or as an FQDN address object (or wildcard FQDN if applicable) in the firewall policy.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-wildcard-FQDN/ta-p/196118
You can create a user group for the specific users and then configure local DNS and make sure that the local website is resolved to the internal IP of the users. After that, create a policy to allow the local website for the users and then another policy to deny internet access.
I have defined the address I want to access.
After that, I just need to write a policy that allows the internet and add this address. Is that correct?
@BaranS correct, just make sure you have the correct policy configured. If you want to use an FQDN, make sure the DNS which the users are using can resolve it to an IP, and you can use an internal DNS on the FortiGate as well.
You can capture the IP addresses of these 4 users and create a firewall policy to allow traffic to this local website.
Please ensure that this policy is placed above the policy that denies internet access to these 4 users.
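The policy layout discussed in this thread, sketched as FortiOS CLI. This is an added example, not configuration posted by any participant. Assumptions: the interface names (`lan`, `dmz`, `wan1`), the user IP range, the FQDN, the object names and the policy IDs 101/102 are all constructed placeholders, and the website sits behind a different interface than the users so that the traffic actually crosses the FortiGate.

```fortios
# Constructed placeholder values throughout; replace with your own.
config firewall address
    # The 4 restricted users (assumed here to hold consecutive static/reserved IPs)
    edit "restricted-users"
        set type iprange
        set start-ip 10.0.1.11
        set end-ip 10.0.1.14
    next
    # The internal website as an FQDN object; the FortiGate itself must be
    # able to resolve this name to the internal IP for the object to match
    edit "local-website"
        set type fqdn
        set fqdn "intranet.example.local"
    next
end

config firewall policy
    # Allow rule: restricted users -> internal website only, web services only
    edit 101
        set name "restricted-to-local-site"
        set srcintf "lan"
        set dstintf "dmz"
        set srcaddr "restricted-users"
        set dstaddr "local-website"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set logtraffic all
    next
    # Deny rule: restricted users -> internet
    edit 102
        set name "restricted-deny-internet"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "restricted-users"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    # Policies are evaluated top-down, first match wins:
    # keep the allow rule above the deny rule
    move 101 before 102
end
```

The deny rule must also sit above any general LAN-to-WAN allow policy that would otherwise match these users first; `move 102 before <id>` inside `config firewall policy` repositions it. If the users and the website share the same subnet, that traffic never reaches the firewall and only the deny rule is relevant.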