Support Forum
hecklejekyll
New Contributor

Test Demo Network

Hi everyone, I am being tested at work for my networking skills with a huge lab and I don't have any experience in firewalls. I have a CCNA Routing and Switching only, and I am being asked to design a two-site network (site one: FortiGate, core switch and access switch; site two: a single switch). I think I found a (second) mistake in the lab (the first was an IP that made no sense, and I found it in about 15 minutes of looking). The scenario is that we have an SNMP server in our server subnet that is getting attacked and I must block the relevant ports. I only have one firewall policy that allows anything from the internet at all that isn't a VPN client (really it's two because of a redundant backup ISP connection, but that doesn't affect this); this uses two virtual IPs I have for a web server in a DMZ. Internal users and the web server have internet access. There are no other allowed policies from either internet port, just the ones from the ISP to the web server DMZ. Does the implicit deny already cover this attack? I feel like denying anything that hasn't already been allowed by another policy is redundant. Or please correct me; I have never touched a firewall before, so this lab feels way over my head, but I think I've managed to complete everything he threw at me even though I'm completely lost on the FortiGate stuff. Super proud of what I built, but I want to be sure if I'm going to say he messed up (again). Also, do I need to make policies for the two ISP connections to the two internal connections (redundant) to block anything in particular? I made some rules that block all to all from Internet to inside, but as I think about this they seem to also be redundant. Thanks for any feedback. Please let me know if I am not being clear.

1 Solution
amrit
Staff

If you are sure about the ports that are to be allowed on the server, then in the firewall policy you can define those ports in the services field. The rest of the ports for the server traffic will be denied by the implicit deny policy. On top of that, you can also use security profiles, for example IPS and AV, in the server policy so that malware, viruses and other attacks can be blocked by the firewall.

Amritpal Singh
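The configuration the answer describes, written out as an added FortiOS CLI example (this is not from the original post or from Fortinet documentation). It assumes interface names `wan1` and `dmz`, a web server at the constructed internal address `10.10.20.10`, and the built-in `default` IPS and AV profiles; the service list on the policy is the "services field" the answer refers to, and everything not matched by an accept policy falls through to the implicit deny (policy ID 0), which is always present and needs no explicit deny rule.

```fortios
# Virtual IP for the DMZ web server (constructed addresses; replace with your own)
config firewall vip
    edit "VIP-webserver"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "10.10.20.10"
    next
end

# Inbound policy: ONLY the listed services reach the web server.
# SNMP (UDP 161/162) is not in the service list, so inbound SNMP
# from the internet never matches this policy and hits the implicit deny.
config firewall policy
    edit 10
        set name "ISP1-to-webserver"
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "VIP-webserver"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set ips-sensor "default"
        set av-profile "default"
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
    next
end
```

After applying this, `show firewall policy 10` confirms the service list, and any internet-sourced packet to a port other than 80/443, or to any address other than the VIP, is dropped by policy 0. A separate "deny all from wan to inside" rule therefore adds nothing beyond what the implicit deny already does; the one reason to keep an explicit deny is if you want it logged or matched before a later, broader accept policy.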
