Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tutek_OLD
New Contributor

"All other than" in Fortigate ?

Hi,

Mikrotik have special exclamation mark in policy or firewall settings, If I put it before port number 80 it means NOT 80

so configured rule would be applyed to ALL ports but 80 Lets say I should blocking p2p, but want p2p to be available on computer 192.168.0.3 so I can configure it like src address =  !192.168.0.3 so it would apply to ALL but 192.168.0.3

 

do Fortios/Fortigate have something similar?

 

thanks.

3 REPLIES 3
Toshi_Esumi
Esteemed Contributor III

I think this is what you're looking for.

https://kb.fortinet.com/kb/documentLink.do?externalID=FD33959

But I never used it because without negate enabled, you can easily do the same thing with two policies; the first one to allow 192.168.0.3/32 then the second one to block "all" sources.

Tutek_OLD

Indeed similar option but very limited.

Doing your way I need to double policy to configure one thing, so it not help to keep all policies clean and simple.

emnoc
Esteemed Contributor III

I all most never seen negate used for src or destinations in policyid.You allow what you want and deny what you need imho

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors