Greetings. 4 users are banned from the internet. But we want these users to access a local website. What should I do? Waiting for your help.
Good day @BaranS ,
- You mean the local sites which are hosted behind LAN or DMZ? If yes, then create a lan to wan policy, add those users' IPs in source and set action to deny. Furthermore, add another policy above it from lan to dmz and allow those IPs with respective services.
Created on 07-26-2024 06:00 AM Edited on 07-26-2024 06:07 AM
Yes, it's a LAN-based website. It has an IP address and we translated it into a name with DNS. Do I need to add it as an address?
Hello BaranS,
You can add the website as an IP address or as a FQDN address object (or wildcard FQDN if applicable) in the firewall policy.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-wildcard-FQDN/ta-p/196118
You can create a user group for the specific users and then configure local DNS and make sure that local website is resolved to internal IP of the users. After that create a policy to allow the local website for user and then another policy to deny internet access.
I have defined the address I want to access.
After that, I just need to write a policy that allows the internet and add this address. Is that correct?
@BaranS correct, just make sure you have correct policy configured. If you want to use FQDN make sure the DNS which users are using can resolve it to IP and you can use one Internal DNS on the FortiGate as well.
You can capture the IP addresses of these 4 users and create a firewall policy to allow traffic to this local website.
Please ensure that this policy is placed above the policy that denies internet access to these 4 users.