internal network ---------- fortigate --------- internet
objective: create 3 policies
1 user internet policy --- web access
2 user mobile policy --- web access with web filtering
3 admin policy --- sys admin unrestricted access
======================
1 user internet policy
policy & object > IPv4 Policy >
name = internet
Service = DNS, HTTP, HTTPS
NAT = enabled
Log Allowed Traffic = All Sessions
=====================
2 user mobile policy
policy & object > IPv4 Policy >
name = Mobile
incoming interface = lan
outgoing interface = wan
source = mobile devices, all
dest = all
service = DNS, HTTP, HTTPS
NAT = enabled
web filter = enabled, default
SSL/SSH inspection = enabled, certificate-inspection
Log Allowed Traffic = All Sessions
======================
3 admin policy
user & devices > Custom Devices & Groups > Create New > new device
alias = Admin
Mac = xxxx
Device Type = windows pc
policy & object > ipv4 policy
name = Admin
incoming interface = lan
outgoing interface = wan1
source = all, admin PC
dest = all
service = all
nat = enabled
log allowed traffic = all sessions
save
Policy & object > IPv4 Policy > By Sequence -> the order is:
1 internet
2 mobile
3 admin
4 implicit deny
^ to change the policy order, just drag the policy's number upward
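
FortiGate evaluates IPv4 policies from the top of the sequence and applies the first one that matches, so the order decides which policy a session actually gets. Added example (not part of the original notes, and not FortiOS code): a small Python model of the three policies that reports which policy a session hits and which policies are fully shadowed by an earlier one. The device labels and the `internet` policy having source = all are assumptions.

```python
from dataclasses import dataclass

WEB = frozenset({"DNS", "HTTP", "HTTPS"})
ANY = frozenset()  # empty set stands for "all"

@dataclass(frozen=True)
class Policy:
    name: str
    devices: frozenset = ANY    # source device group
    services: frozenset = ANY
    web_filter: bool = False

    def matches(self, device, service):
        return ((not self.devices or device in self.devices) and
                (not self.services or service in self.services))

    def covers(self, other):
        """True if every session `other` can match is matched by self too."""
        dev = not self.devices or bool(other.devices) and other.devices <= self.devices
        svc = not self.services or bool(other.services) and other.services <= self.services
        return dev and svc

def first_match(policies, device, service):
    """Top-down evaluation: the first matching policy decides the session."""
    for p in policies:
        if p.matches(device, service):
            return p
    return Policy("implicit deny")

def shadowed(policies):
    """Names of policies that can never match because an earlier one covers them."""
    return [p.name for i, p in enumerate(policies)
            if any(q.covers(p) for q in policies[:i])]

# The three policies from the notes. Device labels are made up for the example;
# "internet" with source = all is an assumption (the notes do not list it).
internet = Policy("internet", services=WEB)
mobile = Policy("Mobile", devices=frozenset({"mobile"}), services=WEB, web_filter=True)
admin = Policy("Admin", devices=frozenset({"admin-pc"}))

as_listed = [internet, mobile, admin]
specific_first = [admin, mobile, internet]

if __name__ == "__main__":
    for label, order in (("as listed", as_listed), ("specific first", specific_first)):
        hit = first_match(order, "mobile", "HTTP")
        print(f"{label}: mobile HTTP -> {hit.name} (web filter: {hit.web_filter}); "
              f"shadowed: {shadowed(order)}")
```

In this model a mobile device's web traffic only reaches the web-filtered policy when `Mobile` sits above `internet`.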
==================
nice