FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Not applicable
Article Id 193937
Article
DescriptionHow to define a policy for a small set of users, without affecting all users.
Components
  • All FortiGate units.
Steps or Commands

In some cases, it is necessary to create unfiltered access to the Internet for a small subset of administrative users or servers on your LAN. The following steps are the basic steps to configure this, assuming a filtered outgoing policy already exists in your FortiGate unit.

  1. Define an address object using each static IP for the PCs by going to Firewall> Address.
  2. Define an address group, for the entries created in the previous step by going to Firewall> Group.
  3. Create a new internal to wan1 firewall policy, where this group is the source address. Ensure NAT is enabled.
  4. Move this new policy above your standard policy for Internet access.

Whenever a user accesses the Internet, they will still use the older policy unless they are a member of the group you define.

The FortiGate Administration Guide provides further detail on each component of the configuration.