Created on 09-02-2009 01:40 AM Edited on 05-26-2022 11:56 AM By Anonymous
Description
This article describes how to reduce the number of firewall policies on a FortiGate by grouping IP addresses into an address group when the same filtering rule applies to all of them.
Scenario
Internet SMTP Server1 ===
Internet SMTP Server2 === external [ FortiGate ] internal ==
Internet SMTP Server3 ===
All three servers are subject to the same firewall policy on the FortiGate, from the external interface to the internal interface.
Solution
Example 1
config firewall address
    edit "Internet_SMTP1"
        set subnet <IPaddress1 Mask1>
    next
    edit "Internet_SMTP2"
        set subnet <IPaddress2 Mask2>
    next
    edit "Internet_SMTP3"
        set subnet <IPaddress3 Mask3>
    next
end
config firewall policy
    edit 0
        set srcintf "external"
        set dstintf "internal"
        set srcaddr "Internet_SMTP1" "Internet_SMTP2" "Internet_SMTP3"
        <set all the rest based on your requirements>
    next
end
Example 2
config firewall address
    edit "Internet_SMTP1"
        set subnet <IPaddress1 Mask1>
    next
    edit "Internet_SMTP2"
        set subnet <IPaddress2 Mask2>
    next
    edit "Internet_SMTP3"
        set subnet <IPaddress3 Mask3>
    next
end
config firewall addrgrp
    edit "External_SMTP_servers"
        set member "Internet_SMTP1" "Internet_SMTP2" "Internet_SMTP3"
    next
end
config firewall policy
    edit 0
        set srcintf "external"
        set dstintf "internal"
        set srcaddr "External_SMTP_servers"
        <set all the rest based on your requirements>
    next
end
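A point worth checking before adopting Example 2: the policy matches a source if it falls inside any member of the group, so every member added to "External_SMTP_servers" later silently widens this policy and every other policy that references the group. The following Python script is an added example, not part of the original article or any Fortinet tool. It parses a constructed config fragment written in the same CLI syntax as Example 2, expands the address group into its member subnets (nested groups included), tests whether a given source IP would match the policy's srcaddr, and flags any member wider than /24. The IP addresses (documentation ranges, with one deliberately overbroad /16 member) and the /24 threshold are assumptions.

```python
import ipaddress
import shlex

# Constructed FortiOS CLI fragment in the shape of Example 2 (assumption:
# documentation-range addresses; Internet_SMTP2 is deliberately a /16).
SAMPLE_CONFIG = """
config firewall address
    edit "Internet_SMTP1"
        set subnet 192.0.2.10 255.255.255.255
    next
    edit "Internet_SMTP2"
        set subnet 198.51.100.0 255.255.0.0
    next
    edit "Internet_SMTP3"
        set subnet 203.0.113.5 255.255.255.255
    next
end
config firewall addrgrp
    edit "External_SMTP_servers"
        set member "Internet_SMTP1" "Internet_SMTP2" "Internet_SMTP3"
    next
end
config firewall policy
    edit 0
        set srcintf "external"
        set dstintf "internal"
        set srcaddr "External_SMTP_servers"
        set action accept
    next
end
"""


def parse_config(text):
    """Parse a FortiOS CLI fragment into (addresses, groups, policies).

    addresses: name -> ipaddress network; groups: name -> member names;
    policies: id -> {setting: [values]}. Only the tables used here are read.
    """
    addresses, groups, policies = {}, {}, {}
    table = None    # current "config firewall <table>"
    current = None  # name/id of the current "edit" entry
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tokens = shlex.split(line)  # handles the quoted names
        if tokens[0] == "config":
            table = tokens[-1]
        elif tokens[0] == "edit":
            current = tokens[1]
            if table == "addrgrp":
                groups[current] = []
            elif table == "policy":
                policies[current] = {}
        elif tokens[0] == "set":
            key, values = tokens[1], tokens[2:]
            if table == "address" and key == "subnet":
                # FortiOS writes "set subnet <ip> <mask>"; CIDR is accepted too.
                cidr = "/".join(values) if len(values) == 2 else values[0]
                addresses[current] = ipaddress.ip_network(cidr, strict=False)
            elif table == "addrgrp" and key == "member":
                groups[current].extend(values)
            elif table == "policy":
                policies[current][key] = values
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "end":
            table = None
    return addresses, groups, policies


def expand(name, addresses, groups, seen=None):
    """Resolve an address or group name to {member_name: network}.

    Groups may nest; 'seen' guards against a cycle in a hand-edited config.
    """
    seen = set() if seen is None else seen
    if name in seen:
        return {}
    seen.add(name)
    if name in addresses:
        return {name: addresses[name]}
    resolved = {}
    for member in groups.get(name, []):
        resolved.update(expand(member, addresses, groups, seen))
    return resolved


def policy_matches_source(policy, ip, addresses, groups):
    """True if 'ip' lies inside any network referenced by the policy's srcaddr."""
    src = ipaddress.ip_address(ip)
    return any(src in net
               for name in policy.get("srcaddr", [])
               for net in expand(name, addresses, groups).values())


def broad_members(group, addresses, groups, max_prefix=24):
    """Member names whose network is wider than /max_prefix (assumed threshold)."""
    resolved = expand(group, addresses, groups)
    return sorted(n for n, net in resolved.items() if net.prefixlen < max_prefix)


if __name__ == "__main__":
    addrs, grps, pols = parse_config(SAMPLE_CONFIG)
    for ip in ("192.0.2.10", "192.0.2.11", "198.51.200.7"):
        print(ip, "matches policy 0:", policy_matches_source(pols["0"], ip, addrs, grps))
    print("overbroad members:", broad_members("External_SMTP_servers", addrs, grps))
```

Run against the constructed fragment, 198.51.200.7 is accepted even though it is not one of the three SMTP servers, because the /16 member covers it; broad_members reports that member so the group can be tightened before the policy goes live. The same script can be pointed at a real `show firewall address` / `show firewall addrgrp` / `show firewall policy` export to audit an existing group.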
Copyright 2024 Fortinet, Inc. All Rights Reserved.