Fortigate 100F. Exception in an address object

Olala1389
2020/10/27 12:29:01

Hello all,
I want to let subnet 10.0.0.0/8 out to the internet; however, I want to filter out 10.1.100.0/24. How do I do it in my 100F? Sorry, moved to Fortigate from a different product.
#1
Toshi Esumi
Re: Fortigate 100F. Exception in an address object 2020/10/27 13:13:56 (marked helpful by Olala1389, 2020/10/28 18:32:12)
Create a deny policy for 10.1.100.0/24 then place it above a policy to allow 10.0.0.0/8.
#2
Olala1389
Re: Fortigate 100F. Exception in an address object 2020/10/28 18:31:57
Thank you for the solution! In Barracuda it was all in one rule, was hoping for something like that.
#3
Toshi Esumi
Re: Fortigate 100F. Exception in an address object 2020/10/29 09:26:23
If it were simply to negate 10.1.100.0/24 and then allow the rest, you could use a negate address like in the KB. But one policy doesn't seem to have both a negate and normal addresses. So you still need to have two policies anyway.
But even if they could co-exist in one policy, the FW would operate exactly the same way as with two policies. So I don't see much benefit operation-wise. I think that's why they haven't added the feature yet. Nor is there strong demand.
#4
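The two-policy approach from reply #2, written out as a FortiOS CLI sketch. This is an added example, not something posted in the thread. The object names, the policy IDs 10 and 11, the interface names "internal" and "wan1", and the use of NAT on the allow policy are assumptions to adapt to the actual unit.

```fortios
# Added example: address objects for the two ranges named in the thread.
# Object names are hypothetical.
config firewall address
    edit "net-10.0.0.0_8"
        set subnet 10.0.0.0 255.0.0.0
    next
    edit "net-10.1.100.0_24"
        set subnet 10.1.100.0 255.255.255.0
    next
end

# Policies are evaluated top-down and the first match wins, so the
# narrower deny has to sit above the broader allow.
# Policy IDs and interface names are assumptions.
config firewall policy
    edit 10
        set name "deny-10.1.100.0-out"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "net-10.1.100.0_24"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
    next
    edit 11
        set name "allow-10.0.0.0-out"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "net-10.0.0.0_8"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # Make the ordering explicit instead of relying on creation order.
    move 10 before 11
end
```

If the order is reversed, traffic from 10.1.100.0/24 matches the 10.0.0.0/8 allow first and the deny is never reached, so confirm the sequence in the policy list after applying.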