How to restrict Fortigate firewall WAN-side GUI to certain IP addresses (Untested CLI commands)

Subject: How to restrict Fortigate firewall WAN-side GUI to certain IP addresses (Untested CLI commands)


Good day from Singapore,


Fortigate firewall appliances are based on Linux.


I came up with the following CLI commands after studying an existing Fortigate 60F firewall configuration. These are untested CLI commands. Use them at your own risk!

The objective is to restrict Fortigate firewall WAN-side GUI to certain IP addresses.


config firewall address 

    edit "SKYNET_1"        

set subnet 1.2.3.4 255.255.255.255

    next


    edit "SKYNET_2"

set subnet 5.6.7.8 255.255.255.255    

    next


config firewall addrgrp

    edit "SKYNET"

        set member "SKYNET_1" "SKYNET_2"

    next


config firewall local-in-policy    

    edit 1                

set intf "wan1"        

set srcaddr "SKYNET"        

set dstaddr "all"        

set action accept        

set service "Fortigate_HTTPS" "SSH"        

set schedule "always"    

    next


Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 28 July 2021, is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant with a System Integrator (SI)/computer firm in Singapore. He is an IT enthusiast.





REFERENCES

==========


[1] https://marc.info/?l=netfilter&m=162747775219058&w=2

Comments

Post a Comment

Popular posts from this blog

[24 Mar 2022 Thursday] Erectile Dysfunction and Viagra

Image
Subject: [24 Mar 2022 Thursday] Erectile Dysfunction and Viagra I have erectile dysfunction due to taking medications for mental illness (schizophrenia). Without Viagra, my penis is soft like jelly most of the time. There is no way I can penetrate a woman’s vagina due to erectile dysfunction. Today is the very 1st time I am taking Viagra. It allows my penis to remain hard and fully erected for 2 solid hours during sexual intercourse. Thanks Viagra! I can finally have sex! I am already 44 years old. What am I missing out in life?????? Do I still qualify to be a Japanese Adult Video (JAV) porn star actor???????? Link:  https://m.facebook.com/story.php?story_fbid=10158113552827735&id=646397734
Read more

Patching Linux Kernel 5.5.7 to Add Support for AUFS Filesystem

Subject of Hint: Patching Linux Kernel 5.5.7 to Add Support for AUFS Filesystem ORIGINAL AUTHOR: JIMMY ANDERSON ORIGINAL DATE: 2013-01-20 EDITED BY: TURRITOPSIS DOHRNII TEO EN MING, SINGAPORE EDIT DATE: 15 MAR 2020 SUNDAY MANDATORY PREREQUISITES ======================= You *MUST* follow the guide/hint here first (COMPULSORY): http://lists.linuxfromscratch.org/pipermail/hints/2020-March/003334.html HINT ==== To obtain the aufs5 kernel patches, do the following:   $ sudo apt install git #------------ Cut and Paste start cd $LFS/sources git clone git://github.com/sfjro/aufs5-standalone.git \ aufs5-standalone.git cd aufs5-standalone.git git checkout -b origin/aufs5.5 cp aufs5-*.patch .. rm -f include/uapi/linux/Kbuild tar cvfz $LFS/sources/aufs5.tar.gz Documentation fs include cd .. rm -rf aufs5-standalone.git #------------ Cut and Paste end Rebuilding your kernel ======================    Follow the instructions in the LFS/BLFS book and build your LF
Read more