
How To Configure LAN To LAN Firewall Policy In FortiGate Firewall

In this article we walk through configuring a firewall policy between two networks that are attached to two different ports of a FortiGate firewall.

The first step is to configure two ports with two different subnets: port4 for 192.168.1.0/24 and port5 for 192.168.2.0/24.

Configuration of port4:

Under Network >> Interfaces, click on port4.

Since it is a LAN port, set the Role to "LAN".

Keep the Addressing mode as "Manual".

IP/Netmask: 192.168.1.1/24 (192.168.1.1 is the firewall's IP address on this port).

Administrative Access: if you want to reach the firewall GUI or other firewall services on this IP address, enable the respective services. Enable only what you actually need (for example HTTPS and SSH, not HTTP or Telnet, which are cleartext), because every protocol enabled here is an additional management surface exposed to that LAN.

If you want this port to act as a DHCP server, enable DHCP Server so that clients in this broadcast domain obtain their IP addresses from the firewall.

Now click on Save.

[Screenshot: port4 interface settings]

Configuration of port5:

Under Network >> Interfaces, click on port5.

Since it is a LAN port, set the Role to "LAN".

Keep the Addressing mode as "Manual".

IP/Netmask: 192.168.2.1/24 (192.168.2.1 is the firewall's IP address on this port).

Administrative Access: as for port4, enable only the services you actually need on this IP address.

If you want this port to act as a DHCP server, enable DHCP Server so that clients in this broadcast domain obtain their IP addresses from the firewall.

Now click on Save.

[Screenshot: port5 interface settings]

Port4 and port5 are now configured.
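The same two interfaces expressed in FortiOS CLI, as an added example that is not part of the original article. The article only gives the subnets and gateway addresses; the VDOM name "root", the DHCP pool 192.168.1.100-192.168.1.200 and the choice of management protocols are assumptions. The allowaccess line deliberately limits management on these LAN-facing ports to HTTPS, SSH and ping.

```fortios
# Added example: port4 and port5 as described above, in FortiOS CLI.
# Assumed: VDOM "root" (the default) and a DHCP pool of 192.168.1.100-200.
config system interface
    edit "port4"
        set vdom "root"
        set mode static
        set ip 192.168.1.1 255.255.255.0
        # Only the management protocols actually needed on this LAN.
        # http and telnet are cleartext and are left out on purpose.
        set allowaccess ping https ssh
        set role lan
    next
    edit "port5"
        set vdom "root"
        set mode static
        set ip 192.168.2.1 255.255.255.0
        set allowaccess ping https ssh
        set role lan
    next
end

# Optional DHCP server on port4 (assumed pool); hands out the port IP as gateway.
config system dhcp server
    edit 1
        set interface "port4"
        set default-gateway 192.168.1.1
        set netmask 255.255.255.0
        set dns-service default
        config ip-range
            edit 1
                set start-ip 192.168.1.100
                set end-ip 192.168.1.200
            next
        end
    next
end

# Check: both interfaces should show up with the expected addresses and status.
get system interface physical
```

If the firewall is also managed over these ports, pair the allowaccess list with trusted hosts on the admin accounts (config system admin, trusthost entries) so that a compromised host on either LAN cannot reach the management plane merely because it sits behind port4 or port5.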

Next we need a firewall policy that allows communication between the port4 and port5 networks in both directions.

By default the GUI lets you pick only one incoming interface and one outgoing interface per policy. So first enable the "Multiple Interface Policies" option under System >> Feature Visibility.

[Screenshot: Feature Visibility with Multiple Interface Policies enabled]

Before configuring the firewall policy, define two address objects, one for 192.168.1.0/24 and one for 192.168.2.0/24.

Configuring address objects:

Under Policy & Objects >> Addresses, click on Create New:

Name: give the object a descriptive name (for example, the subnet it covers).

Type: select Subnet.

IP/Netmask: 192.168.1.0/24

Click on Save.

[Screenshot: address object for 192.168.1.0/24]

In the same way, create another object for 192.168.2.0/24.

Configure the firewall policy:

The final step is to configure the firewall policy between these two ports to allow communication in both directions.

Under Policy & Objects >> Firewall Policy, click on Create New:

Name: any descriptive name.

Incoming Interface: select both ports (port4 and port5), since you want bidirectional communication.

Outgoing Interface: select both ports (port4 and port5) as the outgoing interface as well.

Source: select both address objects (192.168.1.0/24 and 192.168.2.0/24).

Destination: select both address objects (192.168.1.0/24 and 192.168.2.0/24).

Schedule: choose according to your requirement; here it is kept as "always".

Service: the default is ALL. If only specific protocols need to cross between the two LANs, restrict this to those services so the policy grants no more than it has to.

Action: ACCEPT (to allow the traffic).

NAT: disable NAT, as it is not required for internal-to-internal communication. With NAT enabled the traffic would be source-translated to the firewall's port address, hiding the real client addresses from the destination network and from its logs.

Security profiles:

Apply security profiles according to your requirement. Since both sides are trusted zones, disable the profiles you do not need and enable only IPS and AntiVirus, which stop malware from traversing between the two LANs.

Log Allowed Traffic:

You can log all sessions, or only security events (sessions on which a UTM profile detected something), depending on your requirement.

Enable the policy and click Save.

[Screenshot: firewall policy settings]

Traffic now flows in both directions between the two networks.
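The remaining steps (the multiple-interface option, the two address objects and the bidirectional policy) in FortiOS CLI, followed by a flow trace that confirms the policy actually matches, as an added example that is not part of the original article. The object and policy names, the use of the built-in "default" AV and IPS profiles, and the test host addresses 192.168.1.10 and 192.168.2.10 are assumptions.

```fortios
# Added example: objects and policy from the steps above, in FortiOS CLI.
# The GUI needs the multiple-interface option turned on; the CLI accepts
# several interfaces per policy either way, this keeps the GUI consistent.
config system settings
    set gui-multiple-interface-policy enable
end

# Assumed object names; one subnet object per LAN.
config firewall address
    edit "LAN1_192.168.1.0"
        set subnet 192.168.1.0 255.255.255.0
    next
    edit "LAN2_192.168.2.0"
        set subnet 192.168.2.0 255.255.255.0
    next
end

# "edit 0" allocates the next free policy ID.
config firewall policy
    edit 0
        set name "LAN1-LAN2-bidirectional"
        set srcintf "port4" "port5"
        set dstintf "port4" "port5"
        set srcaddr "LAN1_192.168.1.0" "LAN2_192.168.2.0"
        set dstaddr "LAN1_192.168.1.0" "LAN2_192.168.2.0"
        set schedule "always"
        # Narrow this to the services really needed between the LANs if you can.
        set service "ALL"
        set action accept
        # No NAT between internal networks.
        set nat disable
        # Only AV and IPS, as the article recommends for a trusted zone.
        set utm-status enable
        set av-profile "default"
        set ips-sensor "default"
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
    next
end

# Verification: trace how the firewall handles a ping from 192.168.1.10 to
# 192.168.2.10 (assumed test hosts). The trace should end with a line such as
# "Allowed by Policy-<id>" naming the policy created above; a line reading
# "Denied by forward policy check (policy 0)" means no policy matched.
diagnose debug flow filter saddr 192.168.1.10
diagnose debug flow filter daddr 192.168.2.10
diagnose debug flow show function-name enable
diagnose debug flow trace start 10
diagnose debug enable
# ... send the ping from the 192.168.1.10 host now ...
diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
```

If the two LANs do not share the same trust level, replace the single policy with two one-directional policies (port4 to port5 and port5 to port4), each with its own service list, so the more sensitive direction can be tightened without touching the other.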