gwx
New Contributor

opening ports for internal traffic only

Hi,

Newbie of newbies here, please don't draw your forks.

I have searched for an answer before posing this, did not find anything that could help.

Here we go:

FortiWiFi 30E, FortiOS 6.0.1, operation mode: NAT, two active ports under hardware switch as LAN, no WAN.

I want a very very VERY simple thing as I understand it:

define custom port X for custom service only for internal network, LAN, all good.

define policy to allow traffic between two LAN ports with this service, all good (no NAT needed).

test with any port scanner to check if this port is open over LAN -> get nada, zilch, no good.

Any help, advice, kick in brain?

Thanks in advance.

1 REPLY
Nicholas_Doropoulos
Contributor

Hi,

I'm not sure I fully understand what you are looking for but it's probably worth noting the following:

1) If what you intend to do is exclusively for internal use (as you pointed out) then you definitely DON'T need a policy since local transmissions of traffic do not need to traverse a firewall/FortiWiFi.

2) For the same reason, you don't need to open any ports either (if again traffic is local). For future reference though, you can open ports by "service", meaning that you would need to create a policy with the action to allow and then, if say you want to open port 443, you would choose the HTTPS service. You can create your own custom services as well whereby you can specify the exact ports you want to open.

I hope that helps.

NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3
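
Added example, not part of the original thread: if LAN-to-LAN traffic on the hardware switch never reaches a firewall policy, as the reply states, then a port test result reflects the destination host itself. This sketch classifies a single TCP port as open, closed or filtered so the three cases can be told apart; `probe_tcp`, `diagnose` and the loopback demo listener are names and sample setup constructed for this illustration.

```python
import errno
import socket

# What each result means when both hosts share the LAN segment, so the
# answer comes from the destination host rather than a firewall policy.
HINTS = {
    "open": "a service accepted the connection on this port",
    "closed": "host replied with a reset: nothing is listening on this port",
    "filtered": "no reply: host down, wrong address, or a host firewall drops it",
}

def probe_tcp(host, port, timeout=2.0):
    """Attempt one TCP connection and classify the port state."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        rc = sock.connect_ex((host, port))  # returns an errno instead of raising
    except socket.timeout:
        return "filtered"
    finally:
        sock.close()
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    return "filtered"  # timed out or unreachable

def diagnose(host, port, timeout=2.0):
    """Return (state, explanation) for one host and port."""
    state = probe_tcp(host, port, timeout)
    return state, HINTS[state]

if __name__ == "__main__":
    # Constructed demo on loopback: a listener on an ephemeral port,
    # probed once while listening and once after it is closed.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(port, diagnose("127.0.0.1", port))
    listener.close()
    print(port, diagnose("127.0.0.1", port))
```

A "closed" result points at the service not listening on the tested address, while "filtered" points at the host's own firewall or addressing rather than the custom service definition.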