fry35
New Contributor

What do FortiGate interface roles (e.g. WAN, LAN, DMZ) actually do in terms of firewall behaviour?

When creating a FortiGate interface, I have to select an interface role as per the title (WAN/LAN/DMZ).

What behaviour does this role actually change?

Thanks!

dbhavsar
Staff
Sheikh
Staff

Hello @fry35 

FortiGate interface roles, such as WAN, LAN, and DMZ, play a significant role in how the firewall treats traffic passing through these interfaces. Each role is associated with certain default behaviors and security policies that help streamline the configuration process and enhance security.

WAN:

  • Typically, strict security policies are applied to traffic entering through the WAN interface to protect the internal network from external threats.
  • Connects the FortiGate to the external internet or other external networks.
  • Outgoing traffic from the LAN to the WAN is often allowed, while incoming traffic from the WAN to the LAN is typically restricted unless specific policies are defined.
  • Common use cases include managing public IP addresses, NAT (Network Address Translation), and applying security measures like IPS (Intrusion Prevention System) and antivirus.

LAN:

  • By default, the LAN interface is configured to allow internal devices to communicate freely with each other.
  • Traffic from the LAN to the WAN is usually permitted to allow internal users access to external resources.
  • Security measures such as firewall policies, endpoint protection, and traffic shaping can be applied to manage internal traffic and control access to external networks.

DMZ:

  • Provides a buffer zone between the WAN and the LAN, limiting direct exposure of the internal network to external threats.
  • Traffic from the WAN to the DMZ is allowed based on specific policies to ensure only necessary and secure access.
  • Traffic from the DMZ to the LAN is usually highly restricted to prevent potential security breaches.
  • Security policies typically include rigorous monitoring, access control, and intrusion prevention to safeguard the DMZ-hosted services.

I hope this clarifies your question.

Regards,

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
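
An added example, not part of the original thread and not Fortinet code: a short Python audit that reads interface roles and firewall policies from a FortiOS-style configuration and lists accept policies in the two directions the reply above describes as restricted (WAN to LAN, DMZ to LAN). The sample configuration, the function names and the `RESTRICTED` set are constructed for illustration, and an unset policy action is assumed to mean deny.

```python
import shlex
# Constructed FortiOS-style excerpt for illustration; not taken from the thread.
SAMPLE = """config system interface
  edit "port1"
    set role wan
  next
  edit "port2"
    set role lan
  next
  edit "port3"
    set role dmz
  next
end
config firewall policy
  edit 1
    set srcintf "port2"
    set dstintf "port1"
    set action accept
  next
  edit 2
    set srcintf "port1" "port3"
    set dstintf "port2"
    set action accept
  next
end
"""
RESTRICTED = {("wan", "lan"), ("dmz", "lan")}  # directions the reply calls restricted

def parse_section(text, section):  # -> {entry: {key: [values]}}, top-level block only
    entries, stack, cur = {}, [], {}
    for line in text.splitlines():
        w = shlex.split(line) or [""]
        if w[0] == "config":
            stack.append(" ".join(w[1:]))   # track nesting so sub-blocks are skipped
        elif w[0] == "end":
            del stack[-1:]
        elif stack == [section] and w[0] == "edit":
            cur = entries.setdefault(w[1], {})
        elif stack == [section] and w[0] == "set":
            cur[w[1]] = w[2:]
    return entries

def risky_policies(text):  # (policy id, srcintf, dstintf) for accept policies in RESTRICTED
    roles = {n: v.get("role", ["undefined"])[0] for n, v in parse_section(text, "system interface").items()}
    return [(pid, s, d) for pid, p in parse_section(text, "firewall policy").items()
            if p.get("action", ["deny"])[0] == "accept"  # assumed: unset action means deny
            for s in p.get("srcintf", []) for d in p.get("dstintf", [])
            if (roles.get(s, "undefined"), roles.get(d, "undefined")) in RESTRICTED]
```

Zones and the `any` interface carry no role here and are reported as `undefined`, so they are never flagged. A full configuration backup also contains multi-line quoted values that this line-based parser does not handle.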