Hi,
I need to allow access to a couple of my servers on a VLAN, but every server should be accessible only on its own service port, let's say:
server 10.1.1.1 only access on port 443
server 10.1.1.2 port 1433
server 10.1.1.3 port 3389
If I add these servers' IPs as address objects, together with each of the service ports, then these service ports will be shared among all servers, so a client can then access my 10.1.1.1 server over RDP 3389, right?
Is there any way to simply create one IPv4 policy instead of many separate policies, each with one IP and one service port for that IP?
Thanks
I'm afraid there isn't.
You could employ scripting if the number of policies needed is excessive.
The only other way to obtain this might be to use VIPs instead of destination addresses. In/out address would be the same, in-port/out-port identical but only the allowed port mentioned. If there is no other, more general policy towards this server you'd block unwanted traffic.
Put all VIPs into one VIP group, and into one policy.
But I doubt this way would be less work or more transparent/comprehensible.
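The scripting route suggested in the reply above, shown as an added example that is not part of the original thread: a small generator that emits FortiOS CLI with one address object, one custom service and one policy per server/port pair, so no port is ever shared between servers. The interface names `port1` and `vlan10`, the source address `all` and the object naming scheme are assumptions to adapt.

```python
import ipaddress

# Constructed input: the three server/port pairs from the question.
SERVERS = [("10.1.1.1", 443), ("10.1.1.2", 1433), ("10.1.1.3", 3389)]

def build_config(servers, srcintf="port1", dstintf="vlan10", srcaddr="all"):
    """Return FortiOS CLI text with exactly one policy per (server, port) pair.

    srcintf, dstintf and srcaddr are assumed values, not taken from the thread.
    """
    addr, svc, pol = [], [], []
    seen_addr, seen_svc = set(), set()
    for ip, port in servers:
        ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port {port} for {ip}")
        a_name, s_name = f"srv-{ip}", f"TCP-{port}"
        if a_name not in seen_addr:  # host object with a /32 mask
            seen_addr.add(a_name)
            addr += [f'    edit "{a_name}"',
                     f"        set subnet {ip} 255.255.255.255", "    next"]
        if s_name not in seen_svc:  # one custom service per distinct port
            seen_svc.add(s_name)
            svc += [f'    edit "{s_name}"',
                    f"        set tcp-portrange {port}", "    next"]
        pol += [
            "    edit 0",  # 0 lets the firewall assign the next free policy ID
            f'        set name "allow-{ip}-{port}"',
            f'        set srcintf "{srcintf}"',
            f'        set dstintf "{dstintf}"',
            f'        set srcaddr "{srcaddr}"',
            f'        set dstaddr "{a_name}"',
            f'        set service "{s_name}"',
            '        set schedule "always"',
            "        set action accept",
            "    next",
        ]
    out = []
    for path, body in (("firewall address", addr),
                       ("firewall service custom", svc),
                       ("firewall policy", pol)):
        out += [f"config {path}", *body, "end"]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(build_config(SERVERS))
```

Review the generated text before pasting it into the CLI, and check that no broader policy above these ones already permits the same destinations.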