Hi,
Mikrotik have special exclamation mark in policy or firewall settings, If I put it before port number 80 it means NOT 80
so configured rule would be applyed to ALL ports but 80 Lets say I should blocking p2p, but want p2p to be available on computer 192.168.0.3 so I can configure it like src address = !192.168.0.3 so it would apply to ALL but 192.168.0.3
do Fortios/Fortigate have something similar?
thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I think this is what you're looking for.
https://kb.fortinet.com/kb/documentLink.do?externalID=FD33959
But I never used it because without negate enabled, you can easily do the same thing with two policies; the first one to allow 192.168.0.3/32 then the second one to block "all" sources.
Indeed similar option but very limited.
Doing your way I need to double policy to configure one thing, so it not help to keep all policies clean and simple.
I all most never seen negate used for src or destinations in policyid.You allow what you want and deny what you need imho
Ken Felix
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.