Hot!Zone, intra-zone trafic blocking and policy?

New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/01/22 13:58:39
  • Status: offline
2019/02/08 13:18:19 (permalink)

Zone, intra-zone trafic blocking and policy?

I was wondering if it is possible to use a zone that is blocking intra-zone traffic and create policies to only allow some specific trafic between the interface members of the zone? Or is the "Block intra-zone traffic" an all-or-nothing options?
Something like this:
Source interface: ZONE
Destination interface: ZONE
This post seems to imply that this is (or was) possible but I just can't get it to work:
The idea is that we are redesigning a network with 90+ remote site connected through VPN with 10+ interface each. Almost all of these remote interfaces have no needs to communicate between them except some device that needs communication between the interface. If we could create one zone, blocking traffic globally then only allow some services would be much easier to manage in the long run than creating 4-5 zones and having to create rules for all of them to communicate with the VPN. 
Any one has an idea?

1 Reply Related Threads

    Gold Member
    • Total Posts : 131
    • Scores: 21
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: Zone, intra-zone trafic blocking and policy? 2019/02/11 04:39:42 (permalink)
    It seems to me like this should work, no problem.  I've only done zone-to-zone rules once or twice, but it worked fine for me.  Maybe there's something else going on related to the VPN specifically?
    What do the logs tell you?  I don't know if you have a FortiAnalyzer, but we log *everything* to it and it saves our bacon constantly when something goes wrong.
    - Daniel
    Jump to:
    © 2019 APG vNext Commercial Version 5.5