I like the newer content. Stop saying “um”. Here to support you!
Thank you! I will take that feedback on board.
Great channel…couple of video ideas
Demo of inter vdom routing
FGSP
Thank you very much, both added to the list. Inter-VDOM soon as I want to show what a good segmented device looks like to follow on from the vdom video.
Is there any reason that local-in is the preferred method? Or is it just because it gives you the ability to control access via address and service groups like it was a normal firewall policy?
Hi Mitch, yes, that is correct: for example, adding geo locations and tying into a threat feed, that kind of thing. It also protects the entire management plane. Trusted hosts are also fine; however, they are limited to specific usernames and it is super easy to cause a conflict, like I demonstrated in the previous video, opening up access to the public internet.
For more information see - docs.fortinet.com/document/fortigate/7.4.1/administration-guide/363127/local-in-policy#:~:text=Local%2Din%20policies%20allow%20administrators,subject%20to%20the%20policies%20action.
Don’t forget the implicit deny: because local-in isn’t configured by default, you need to configure it, unlike firewall policies, where it’s installed by default.
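
The approach described in the reply above, sketched as a FortiOS CLI fragment. This is an added example, not part of the thread and not Fortinet's own configuration; the interface name `wan1`, the object names, the 203.0.113.0/24 admin range, the country code and the default HTTPS/SSH admin services are all assumptions to replace with your own values.

```text
# Added example (constructed values throughout).
# Admin source range: 203.0.113.0/24 is a documentation prefix, used as a placeholder.
config firewall address
    edit "ADMIN_NET"
        set subnet 203.0.113.0 255.255.255.0
    next
    # Geography-type address object; country code is a placeholder.
    edit "GEO_ALLOWED"
        set type geography
        set country "GB"
    next
end

config firewall addrgrp
    edit "MGMT_SOURCES"
        set member "ADMIN_NET" "GEO_ALLOWED"
    next
end

config firewall local-in-policy
    # 1: permit management services only from the approved sources.
    edit 1
        set intf "wan1"
        set srcaddr "MGMT_SOURCES"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action accept
    next
    # 2: the explicit deny the reply refers to. Without it, sources that
    # do not match policy 1 are not blocked by the local-in policy set.
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action deny
    next
end
```

Policies are evaluated in order, so the accept entry has to sit above the deny; apply it from a session whose source address is inside `MGMT_SOURCES` to avoid locking yourself out.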