If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source field of a firewall policy?
A.
IP address
B.
Once Internet Service is selected, no other object can be added
C is correct, I have just confirmed this on a Production Fortigate FW and you can add user/User group but you cannot add Address group with ISDB object. It will simply show a red highlighted error which is read as "Addresses/groups cannot be mixed with Internet Services'
I think it's "C"
Service : This option is only available when Destination Internet Service is off.
So if you are on source you should be able to add users and groups, I didn't test but as per theory that is what is looks like.
https://docs.fortinet.com/document/fortimanager/6.2.1/administration-guide/663598/create-new-firewall-policy
A and D are not correct for a very simple reason: The internet service dictates them already. If you choose AWS-Web als the service, then AWS has a fixed set of IP addresses and domain names that define them. Makes no sense to say I want to block AWS on Google.com or something like this. If it is Google.com it is not AWS anymore.
C is correct and makes sense - I want to block AWS, but only for certain users in my company.
Correct answer is A. "You CANNOT mix regular address objects with ISDB objects, and you CANNOT select services on a firewall policy." Direct quote from Security 6.4 study guide page 109.
The correct Answer is A, you CAN add user/groups if you have added Internet Service as a Source. You CAN'T add (IP) addresses or address groups in the Source if you have Internet Service there also. I just tested this in a VM instance of a FG.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
siscoFe
Highly Voted 3 years, 11 months agoG33
Highly Voted 3 years, 11 months agoG33
3 years, 9 months agowwwwaaaa
1 year, 5 months agoNicolaeEast
Most Recent 2 years, 8 months agomob9
2 years, 9 months agoSandroAlex
3 years, 1 month agohume2022
3 years, 1 month agoWachiturro
3 years, 2 months agoaandreou020
3 years, 2 months agoaandreou020
3 years, 2 months agolrosadini
3 years, 3 months agoRman0059
3 years, 5 months agoviestner
3 years, 8 months agoviestner
3 years, 8 months agoFortiSherlock
3 years, 9 months agojarz
3 years, 9 months agoChuckC
2 years, 9 months agoAmrani
3 years, 10 months agojarz
3 years, 10 months agoChuckC
2 years, 9 months agoZaiderr
3 years, 11 months agoDjohan23
4 years ago