JOSIAH_BOZIAH
New Contributor III

Unable to Move VIP Group Firewall Policy to the top.

Hello All,

I created a Virtual IP and Group for RDP access, then created the Firewall policy. I am unable to move the Virtual IP Group Policy to the top in Interface Pair View, but I can in By Sequence. Is that the way it's supposed to be done? The external connection using RDP does work.

1 Solution
lobstercreed

Hey Josiah,

 

That IS the top of the effective policies for that traffic.  That's what's so beautiful about interface pair view - you only have to look at the relevant policies.

 

If the traffic you're concerned about is coming FROM wan1, the policies affecting traffic FROM lan have no effect.  You could build thousands of LAN -> WAN policies and none of them would prevent this WAN -> LAN policy from being the first one considered for traffic from the WAN.

 

Hope that helps!  Welcome to FortiGates...  :) 

 

- Daniel
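
The point made in the answer above, as an added example that is not part of the original post and is not FortiOS code: a simplified first-match model showing that sequence position only matters among policies sharing the same source/destination interface pair. The policy names, IDs and the reduced match criteria (interfaces and service only) are constructed assumptions for illustration.

```python
from typing import NamedTuple, Optional

class Policy(NamedTuple):
    policy_id: int
    name: str
    srcintf: str
    dstintf: str
    service: str  # "ALL" matches any service
    action: str

# Constructed sample policy table, in "By Sequence" order (hypothetical names).
SEQUENCE = [
    Policy(1, "lan-web", "lan", "wan1", "HTTPS", "accept"),
    Policy(2, "lan-dns", "lan", "wan1", "DNS", "accept"),
    Policy(3, "lan-any", "lan", "wan1", "ALL", "accept"),
    Policy(4, "rdp-vip-group", "wan1", "lan", "RDP", "accept"),
    Policy(5, "wan-block", "wan1", "lan", "ALL", "deny"),
]

def first_match(policies, srcintf, dstintf, service) -> Optional[Policy]:
    """Walk the list top-down and return the first policy that matches the flow."""
    for p in policies:
        if (p.srcintf, p.dstintf) == (srcintf, dstintf) and p.service in ("ALL", service):
            return p
    return None  # nothing matched: implicit deny

def interface_pair_view(policies):
    """Group policies by (srcintf, dstintf), keeping their relative sequence order."""
    view = {}
    for p in policies:
        view.setdefault((p.srcintf, p.dstintf), []).append(p)
    return view

def move_before(policies, policy_id, before_id):
    """Return a new sequence with policy_id placed directly before before_id."""
    moved = next(p for p in policies if p.policy_id == policy_id)
    rest = [p for p in policies if p.policy_id != policy_id]
    idx = next(i for i, p in enumerate(rest) if p.policy_id == before_id)
    return rest[:idx] + [moved] + rest[idx:]

if __name__ == "__main__":
    # Policy 4 sits fourth in sequence but first in its own wan1 -> lan section.
    print(interface_pair_view(SEQUENCE)[("wan1", "lan")][0].name)
    # Moving it above the lan -> wan1 policies changes nothing for inbound RDP.
    print(first_match(move_before(SEQUENCE, 4, 1), "wan1", "lan", "RDP").name)
    # Reordering inside the same pair does change the outcome: the deny now wins.
    print(first_match(move_before(SEQUENCE, 5, 4), "wan1", "lan", "RDP").name)
```

When auditing an inbound rule such as this RDP VIP policy, the ordering to review is the one within its own interface pair, since a broader policy placed above it there is what would shadow it.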


4 REPLIES 4
ede_pfau
Esteemed Contributor III

Please show us the policy...


Ede

"Kernel panic: Aiee, killing interrupt handler!"
JOSIAH_BOZIAH
New Contributor III

Here you go!

JOSIAH_BOZIAH

Thanks for the information.
