- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
using internet service definitions in my firewall policies
hello i cannot figure out how to enable this? i only see "Services" when creating firewall policies.
i am using forti os 5.6.5 .
do i need to enable it somehow or is this a 6.x feature only ?
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Custom services can be created under Policy&Objects->Services. Hit the "Create New" button at the top.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i don't want to create a custom service .
i want to use the existing internet service database entries
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Internet-services database entries are used as Destinations, not Services. Because those are resolved to IP addresses instead of ports.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
so i could not use 'Google-Web' as an example if my intention was to create a single "Internet Allowed Out" Policy because it would only allow traffic to specific destinations.
is this correct?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can specify 'Google-Web' as Destination and allow access to it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
then i am limiting which destination IP address i can access which i do not want .
I want to allow all destination IP .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dirkdigs wrote:I want to allow all destination IP .
You don't need Internet Service Database in that case. Just add a legacy policy with dst: all.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content