I have read every article on the internet on this topic and worked with
Fortinet TAC for 2 days. All of the articles say you can secure the
public IP of the FortiGate by putting the public IP in the Host IP
section for the common name in the CSR. Don...
These are the two rules for each firewall:
config firewall local-in-policy
    edit 1
        set uuid ae9f5406-9bbb-51ef-f6dd-2a8d82bb10ee
        set intf "wan1"
        set srcaddr "all"
        set srcaddr-negate disable
        set dstaddr "wan1-IP"
        set internet-service-src disable
        set dstaddr-negat...
Ok here is the weirdest thing. I have applied that exact Local In you
showed on both firewalls and only 1 is blocking the connection to 443.
This one works:
config firewall local-in-policy
    edit 2
        set uuid 2c381c5e-e4cd-51ef-fc7a-6cfcc55b8019
        set intf "wan...
Ok, if my customer is good with just securing the DNS name, is there a way
to block 443 access then to firewall on the WAN interface? Today they
use 10443 for admin access on the WAN interface. I have put in local in
policy to block 443 on the WAN inte...