Technical Tip_ Block remote users from accessing t... - Fortinet Community

This technical tip provides instructions on how to block remote users from accessing internal network resources outside of office hours using FortiGate. It outlines two methods: blocking all connections from FortiClient after business hours or restricting access based on a schedule. The article includes configuration steps for both CLI and GUI to implement these restrictions effectively.

Uploaded by

kushika

Technical Tip: Block remote users from accessing t... - Fortinet Community https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/artic...

MisbaN Staff

Created on 04-30-2025 06:01 AM Edited on 05-01-2025 10:58 PM By Anthony_E

Article Id 389989
Technical Tip: Block remote users from accessing the Internal Network out of Office hours

Description This article describes how to block the remote users from accessing the internal resource su
Scope FortiGate.

Solution This article describes for restricting the remote users accessing the resources from the inter
be achieved in 2 ways.
1. Either block all the connection coming from the FortiClient for the remote users after t
2. Just by blocking the traffic when trying to access the resources from the internal netw
VPN following the following guide: FortiGate 7.0.6 SSL VPN

In this example, SSL VPN will only be accessible from Monday to Friday from 09:00 AM to 0
during off business hours.

Configure two recurring schedules. One will be for weekdays, and another will be for

CLI:

config firewall schedule recurring
    edit "DENY-OFF-BH-MON-FRI"
        set start 18:01
        set end 08:59
        set day monday tuesday wednesday thursday friday
    next
    edit "DENY-OFF-BH-SAT-SUN"
        set day sunday saturday
    next
end
config firewall schedule group
    edit "Schedule the Firewall Policy"
        set member "DENY-OFF-BH-MON-FRI" "DENY-OFF-BH-SAT-SUN"
    next
end
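
Added example (not part of the original article and not Fortinet code): a Python check of which minutes of the week the two recurring schedules above match, so that unmatched windows can be reviewed before the schedule group is attached to a policy. It assumes FortiOS treats an end time earlier than the start time as ending on the next day, an equal (or unset) start and end as 24 hours, and the end minute as exclusive; the function names are illustrative.

```python
import re

DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
WEEK = 7 * 1440  # minutes per week; minute 0 is Monday 00:00

# The two recurring schedules from the CLI block above.
CONFIG = """
edit "DENY-OFF-BH-MON-FRI"
    set start 18:01
    set end 08:59
    set day monday tuesday wednesday thursday friday
next
edit "DENY-OFF-BH-SAT-SUN"
    set day sunday saturday
next
"""

def to_min(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def parse(config):
    """Return {name: (start, end, days)}; an unset start or end is taken as 00:00."""
    out = {}
    for name, body in re.findall(r'edit "([^"]+)"(.*?)\n\s*next', config, re.S):
        opts = dict(re.findall(r"set (\w+) (.+)", body))
        out[name] = (to_min(opts.get("start", "00:00")),
                     to_min(opts.get("end", "00:00")), opts["day"].split())
    return out

def covered(schedules):
    """Minutes of the week matched by any schedule. Assumed semantics: end <= start
    rolls into the next day, start == end means 24 hours, end minute is exclusive."""
    mins = set()
    for start, end, days in schedules.values():
        length = (end - start) % 1440 or 1440
        for day in days:
            base = DAYS.index(day) * 1440 + start
            mins.update((base + i) % WEEK for i in range(length))
    return mins

def gaps(mins):
    """Windows no schedule matches, as (first unmatched minute, next matched minute)."""
    fmt = lambda m: f"{DAYS[m // 1440][:3]} {m % 1440 // 60:02d}:{m % 60:02d}"
    free = [m for m in range(WEEK) if m not in mins]
    starts = [m for m in free if m == 0 or m - 1 in mins]
    ends = [m + 1 for m in free if m + 1 == WEEK or m + 1 in mins]
    return [(fmt(s), fmt(e % WEEK)) for s, e in zip(starts, ends)]
```

Under these assumptions the first window returned by gaps(covered(parse(CONFIG))) is Monday 00:00 to 18:01: Sunday's all-day entry stops at midnight and Monday's own entry only begins at 18:01, so the hours before Monday 09:00 fall outside both schedules.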

GUI:

For situation 1:
It is expected to have a firewall policy from the ssl.root to WAN interface (as given below):

Change the Schedule from 'Always' to 'Schedule the Firewall Policy'. That will block the For
FortiGate.

Result:
Users are unable to connect to the FortiGate using FortiClient.

For situation 2:
It is expected to have a Firewall Policy from ssl.root to LAN interface/ Internal resources (as
firewall policy created from ssl.root to local subnet (LAN / Internal resource).

As observed, the firewall is set for scheduling the traffic for local subnet from ssl-root for Tes

Results:
Users are not able to access the resource, even when connected to the FortiGate using For

For confirming if the traffic is being blocked, set the packet capture based on ssl-vpn ip poo
The traffic for SSL VPN is incoming and also trying to ping the local resource, but there is n
It is possible to conclude that the traffic from internal resources is being blocked.

Related articles:
Technical Tip: How to permit temporary access to a site during a particular time slot
Technical Tip: Configuring a Firewall Policy which is valid only at certain days or hours by u
