Multiple interfaces in local-in-policy

PierreV-MR · ‎03-23-2023

Hello,

I'm tryin' to restrict access to my FortiGate on WAN ports using the local-in-policy feature. I have two WAN interfaces and the policies are like this:

Granting access to my trusted hosts on WAN1
Implicit deny on WAN1
Granting access to my trusted hosts on WAN2
Implicit deny on WAN2

My problem is that the policy number 2 does not work and the traffic on WAN1 is not limited. Does anyone have any suggestions?

funkylicious · ‎03-23-2023

Can you post the local-in policies and what u've tested that didn't worked ?

"jack of all trades, master of none"

PierreV-MR · ‎03-24-2023

Screenshot 2023-03-24 092316.png

Policy 1: works

Policy 2: does not work

Policy 3: works

Policy 4: works

I tested with pings from both Italian and French IPs. For the policy 4 I also tested with debug flow which correctly discards traffic

funkylicious · ‎03-24-2023

Is the traffic coming in through wan1 or ha1 ?

Cuz if it's through ha1 w/ destination FW-privIP-2 it might not work.

"jack of all trades, master of none"

PierreV-MR · ‎03-24-2023

The traffic comes trough both interfaces (HA1 is main, WAN1 is backup). HA1 has its public IP (FW-privIP-1) and WAN1 has its private IP in DMZ with the ISP's CPE (FW-privIP-2)

Multiple interfaces in local-in-policy

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website