Hello all! Long-time reader, first-time poster. I apologize if this is
already discussed or should possibly be in the Routing area. My googling
has let me down. Thanks in advance! An unusual setup: Essentially what I
need to do is give a FGFW 30E to ...
To help clarify, when I limit the IPv4 Policy for LAN>WAN to Fortigate's
DNS and my restricted FQDNs, my Host (using Fortigate's DNS)
successfully performs DNS Lookup (for any URL I throw at it) and
Traceroute commands (to my restricted FQDNs). Yet, ...
Here's a Flow Debug of the Host hitting the desired FQDN when my IPv4
policy is set to Allow "All" for the Destination. The CLI output is
empty when I change the Policy's Destination to this FQDN. I also have
the DNS IPs in the Destination and the Ho...
Oddly, when I put the Policy locked down to the desired IP (even FQDN)
and DNS IPs, and try to hit that desired IP from my host computer, the
Flow Diag doesn't even show that it's trying. No record of the host
computer attempting to connect. It does s...
Here is a flow debug output of the host CPU hitting a specific URL.
However, this is when I set the policy's Destination to "all." In the
next reply, I will send the flow debug output when the policy's
Destination is set to the specific Address Group...
Thanks for the explanations! I noticed the Destination IPs in my flow
debug are ones that I do not want the host going to, so this is desired
behavior in that regard. I'm going to try to capture a flow when the
host is connecting to a desired IP and ...