Cookbook

Controlling access to data center networks

Create firewall policies to allow users on the branch office networks to access the data center networks (behind the FortiGate). Security profiles can be added to these firewall policies to inspect layer 7 traffic.

Include a policy on the data center FortiGate to allow a branch FortiGate to check the health of the data center FortiGate by allowing the branch FortiGate to ping the data center FortiGate IPsec VPN interface:

  • Source interface: IPsec VPN interface
  • Destination interface: Internal interface
  • Source Address: Tunnel IP addresses of branch
  • Destination Address: Data Center 1 FortiGate Internal interface
  • Action: Accept
  • Schedule: Always
  • Service: ICMP

Policies to allow traffic from branch networks to reach data center networks should have the following firewall settings:

  • Source interface: IPsec VPN interface
  • Destination interface: Internal interface
  • Source Address: Branch networks
  • Destination Address: Data center networks
  • Action: Accept
  • Schedule: Always (or define a more restrictive schedule)
  • Service: Allowed Service(s)
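The two policies above expressed as FortiOS CLI configuration on the data center FortiGate. This is an added example, not configuration from the Fortinet cookbook; the interface names (Branch1-VPN, port2), the address object names and subnets, and the set of allowed services are constructed assumptions to be replaced with your own.

```fortios
# Address objects referenced by the policies (constructed sample ranges)
config firewall address
    edit "Branch1-Tunnel-IP"
        set subnet 10.254.1.2 255.255.255.255
    next
    edit "Branch1-LAN"
        set subnet 192.168.1.0 255.255.255.0
    next
    edit "DC1-FGT-Internal"
        set subnet 10.1.0.1 255.255.255.255
    next
    edit "DC1-Networks"
        set subnet 10.1.0.0 255.255.0.0
    next
end

config firewall policy
    # Health-check policy: ICMP only, and only from the branch tunnel IP
    edit 0
        set name "Branch1-healthcheck"
        set srcintf "Branch1-VPN"
        set dstintf "port2"
        set srcaddr "Branch1-Tunnel-IP"
        set dstaddr "DC1-FGT-Internal"
        set action accept
        set schedule "always"
        set service "PING"
        set logtraffic all
    next
    # Data access policy: named services only, with layer 7 inspection
    edit 0
        set name "Branch1-to-DC1"
        set srcintf "Branch1-VPN"
        set dstintf "port2"
        set srcaddr "Branch1-LAN"
        set dstaddr "DC1-Networks"
        set action accept
        set schedule "always"
        set service "HTTPS" "SMB" "RDP"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "default"
        set av-profile "default"
        set logtraffic all
    next
end
```

Because the health-check pings terminate on the FortiGate's own interface, that interface also needs `ping` in its `allowaccess` setting; `set logtraffic all` on both policies gives you a record of every accepted branch session for review.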
