Traffic destined to the FortiGate unit

Traffic destined to the FortiGate unit

IPS enabled in firewall policies can only inspect the traffic pass through FortiGate unit, not the traffic destined to FortiGate unit. Enabling IPS in interface-policy allows IPS to pick up any packet on the interface so it is able to inspect attacks targeting FGT.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU

One thought on “Traffic destined to the FortiGate unit

  1. I’d be interested in hearing your experience in applying policies to filter traffic destined to the fortigate itself.

    Case in point, I had a customer getting random connections to udp/500 for ike from random hosts scanning the internet, which would generate an ipsec alarm, where normally the customer wants those for a vpn going down. All attempts to filter traffic via firewall policy or even local-in to the fortigate from unknown peers proved fruitless, and even fortinet couldn’t give me a real answer how to accomplish this. I’d also love to filter those stupid 8008 and 8010 ports that fortinet infamously loves to leave open for no good reason.

Leave a Reply

Name *
Email *
Website

This site uses Akismet to reduce spam. Learn how your comment data is processed.