Optional Services Firewall
Example 2
Rules for Filtering Packets
• Users from the Internet (WAN) can access server 211.21.48.195 inside the DMZ through TCP port 7000.
• The hosts 192.168.0.100 – 192.168.0.150 in the LAN can access the Internet (WAN), but the other LAN hosts cannot.
• Users from the Internet (WAN) cannot connect to port 443 on FortiWAN (i.e. Web Administration on FortiWAN).
Note: “Localhost” represents the address of the FortiWAN host machine.
• Users from the LAN can access FTP server 192.168.10.1 through port 21.
• Users from the Internet cannot ping FortiWAN.
Note: To intercept ping messages, deny the “ICMP” protocol in the service type, because ping is a type of ICMP.
• Users from the LAN cannot access the DMZ.
• Users from the Internet (WAN) cannot access the LAN or the DMZ.
The rules table for the example will look like this:
Source                        Destination     Service    Action
WAN                           211.21.48.195   TCP@7000   Accept
192.168.0.100-192.168.0.150   WAN             Any        Accept
WAN                           Localhost       TCP@443    Deny
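The following is an added example, not part of the FortiWAN handbook: a small offline evaluator that models the rule table above (plus the remaining bullets written as rows of the same form) and checks sample packets against it. The zone subnets, the FortiWAN address, first-match evaluation and a default Deny are assumptions made for the example, not documented FortiWAN behaviour.

```python
import ipaddress

# Assumed topology so that zone names can be resolved from addresses.
LAN = ipaddress.ip_network("192.168.0.0/24")     # assumed LAN subnet
DMZ = ipaddress.ip_network("211.21.48.0/24")     # assumed DMZ subnet
LOCALHOST = ipaddress.ip_address("211.21.48.1")  # assumed FortiWAN address

# Rows 1-3 are the page's table; the rest express the remaining bullets in
# the same (Source, Destination, Service, Action) form. Order matters under
# the first-match assumption: the FTP accept precedes the broad LAN->DMZ deny.
RULES = [
    ("WAN", "211.21.48.195", "TCP@7000", "Accept"),
    ("192.168.0.100-192.168.0.150", "WAN", "Any", "Accept"),
    ("WAN", "Localhost", "TCP@443", "Deny"),
    ("LAN", "192.168.10.1", "TCP@21", "Accept"),
    ("WAN", "Localhost", "ICMP", "Deny"),   # blocks ping, which is ICMP
    ("LAN", "DMZ", "Any", "Deny"),
    ("WAN", "LAN", "Any", "Deny"),
    ("WAN", "DMZ", "Any", "Deny"),
]

def zone_of(ip):
    """Map an address to a zone name; anything not local is treated as WAN."""
    if ip == LOCALHOST:
        return "Localhost"
    if ip in LAN:
        return "LAN"
    if ip in DMZ:
        return "DMZ"
    return "WAN"

def match_addr(spec, ip):
    """Match a zone name, an address range 'a-b', a single address, or Any."""
    if spec == "Any":
        return True
    if spec in ("WAN", "LAN", "DMZ", "Localhost"):
        return zone_of(ip) == spec
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(s) for s in spec.split("-"))
        return lo <= ip <= hi
    return ip == ipaddress.ip_address(spec)

def match_service(spec, proto, dport):
    """'Any', 'PROTO@port', or a bare protocol such as 'ICMP' (all types)."""
    if spec == "Any":
        return True
    if "@" in spec:
        p, port = spec.split("@")
        return proto == p and dport == int(port)
    return proto == spec

def evaluate(src, dst, proto, dport=None):
    """Return the action of the first matching rule; Deny if none matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r_src, r_dst, service, action in RULES:
        if match_addr(r_src, s) and match_addr(r_dst, d) and match_service(service, proto, dport):
            return action
    return "Deny"  # assumed implicit default when no rule matches
```

Changing the order of the FTP row and the LAN->DMZ row shows why rule ordering is itself a security setting: the broader Deny would swallow the narrower Accept.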
121 FortiWAN Handbook
Fortinet Technologies Inc.