Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Docs Library, KB

Mark Thread UnreadFlat Reading Mode ❐

Hot!Zone, intra-zone trafic blocking and policy?

Author Post Essentials Only Full Version
pfrancoeur New Member Total Posts : 1 Scores: 0 Reward points: 0 Joined: 2019/01/22 13:58:39 Status: offline 2019/02/08 13:18:19 (permalink) 0 Zone, intra-zone trafic blocking and policy? I was wondering if it is possible to use a zone that is blocking intra-zone traffic and create policies to only allow some specific trafic between the interface members of the zone? Or is the "Block intra-zone traffic" an all-or-nothing options? Something like this: Source interface: ZONE Destination interface: ZONE Source IP: SOME_SERVER Destination IP: SOME_OTHER_DEVICE This post seems to imply that this is (or was) possible but I just can't get it to work: https://forum.fortinet.com/tm.aspx?m=115382 The idea is that we are redesigning a network with 90+ remote site connected through VPN with 10+ interface each. Almost all of these remote interfaces have no needs to communicate between them except some device that needs communication between the interface. If we could create one zone, blocking traffic globally then only allow some services would be much easier to manage in the long run than creating 4-5 zones and having to create rules for all of them to communicate with the VPN. Any one has an idea? #1 1 Reply Related Threads
lobstercreed Gold Member Total Posts : 131 Scores: 21 Reward points: 0 Joined: 2018/11/28 14:57:58 Location: Sedalia, MO Status: offline Re: Zone, intra-zone trafic blocking and policy? 2019/02/11 04:39:42 (permalink) 0 Pierre, It seems to me like this should work, no problem. I've only done zone-to-zone rules once or twice, but it worked fine for me. Maybe there's something else going on related to the VPN specifically? What do the logs tell you? I don't know if you have a FortiAnalyzer, but we log everything to it and it saves our bacon constantly when something goes wrong. - Daniel #2

Author

Post

Essentials Only Full Version

pfrancoeur

New Member

Total Posts : 1
Scores: 0
Reward points: 0
Joined: 2019/01/22 13:58:39
Status: offline

2019/02/08 13:18:19 (permalink)

Zone, intra-zone trafic blocking and policy?

I was wondering if it is possible to use a zone that is blocking intra-zone traffic and create policies to only allow some specific trafic between the interface members of the zone? Or is the "Block intra-zone traffic" an all-or-nothing options?

Something like this:

Source interface: ZONE
Destination interface: ZONE
Source IP: SOME_SERVER
Destination IP: SOME_OTHER_DEVICE

This post seems to imply that this is (or was) possible but I just can't get it to work: https://forum.fortinet.com/tm.aspx?m=115382

The idea is that we are redesigning a network with 90+ remote site connected through VPN with 10+ interface each. Almost all of these remote interfaces have no needs to communicate between them except some device that needs communication between the interface. If we could create one zone, blocking traffic globally then only allow some services would be much easier to manage in the long run than creating 4-5 zones and having to create rules for all of them to communicate with the VPN.

Any one has an idea?

1 Reply Related Threads

lobstercreed

Gold Member

Total Posts : 131
Scores: 21
Reward points: 0
Joined: 2018/11/28 14:57:58
Location: Sedalia, MO
Status: offline

Re: Zone, intra-zone trafic blocking and policy? 2019/02/11 04:39:42 (permalink)

Pierre,

It seems to me like this should work, no problem. I've only done zone-to-zone rules once or twice, but it worked fine for me. Maybe there's something else going on related to the VPN specifically?

What do the logs tell you? I don't know if you have a FortiAnalyzer, but we log *everything* to it and it saves our bacon constantly when something goes wrong.

- Daniel

Jump to: