Zone Configuration on Tuning Page

Switch zone-based and policy-based policies

Fortinet supports both zone-based policies and policy-based policies. To change a zone-based policy firewall into an interface-based policy firewall, or vice versa, delete or create zones on the Tuning page.

Change zone-based policies into interface-based policies

When a user deletes a zone on the Tuning page, FortiConverter finds the zone references in the policies and replaces them with the zone's member interfaces.

For example, the zones "trust" and "untrust" are configured as follows:

And there are two policies in the converted configuration:

When the "trust" and "untrust" zones are deleted on the zone tuning page, FortiConverter automatically replaces every "trust" reference in the policies with "port1", and every "untrust" reference with "port2" and "port3". The previous policies therefore become:

Note that an empty zone cannot be deleted while it is referenced by policies, because deleting it could leave policies with no interface, which would cause import errors.

Change interface-based policies into zone-based policies

When a user creates a zone on the Tuning page, FortiConverter finds references to the zone's member interfaces in the policies and replaces them with the zone name.

For example, there are two policies in the converted configuration:

A zone for "port1" and another zone for "port2" and "port3" are created on the zone tuning page:

FortiConverter automatically replaces every "port1" reference in the policies with "Zone1", and every "port2" and "port3" reference with "Zone2". The previous policies therefore become:

Note that deleting a zone after it has been created may change some policies permanently.

For example, deleting "Zone1" and "Zone2" above would produce the following policies:

The policy interfaces are now different from the original ones, so be careful when creating and deleting zones.
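The create-then-delete round trip described above can be modelled to show which policies end up matching more interfaces than they did originally. This is an added example, not FortiConverter code: the function names, the simplified policy dictionaries (lists under `srcintf` and `dstintf`) and the two sample policies are assumptions constructed for illustration.

```python
FIELDS = ("srcintf", "dstintf")

def _rewrite(policies, expand):
    """Apply expand(interface) -> list of names to every interface reference."""
    result = []
    for policy in policies:
        new_policy = dict(policy)
        for field in FIELDS:
            names = []
            for itf in policy[field]:
                for name in expand(itf):
                    if name not in names:  # avoid duplicate entries
                        names.append(name)
            new_policy[field] = names
        result.append(new_policy)
    return result

def create_zone(policies, zone, members):
    """Creating a zone: member interface references become the zone name."""
    return _rewrite(policies, lambda itf: [zone] if itf in members else [itf])

def delete_zone(policies, zone, members):
    """Deleting a zone: zone references become all of its member interfaces."""
    if not members and any(zone in p[f] for p in policies for f in FIELDS):
        # Mirrors the rule that a referenced empty zone cannot be deleted.
        raise ValueError(f"empty zone {zone!r} is still referenced by policies")
    return _rewrite(policies, lambda itf: list(members) if itf == zone else [itf])

def widened(before, after):
    """List (policy id, field, interfaces added) for each reference that grew."""
    findings = []
    for old, new in zip(before, after):
        for field in FIELDS:
            added = sorted(set(new[field]) - set(old[field]))
            if added:
                findings.append((old["id"], field, added))
    return findings

def round_trip(policies, zones):
    """Create every zone, then delete every zone again."""
    current = policies
    for zone, members in zones.items():
        current = create_zone(current, zone, members)
    for zone, members in zones.items():
        current = delete_zone(current, zone, members)
    return current

# Constructed sample data: zone layout from the text, policies invented.
ZONES = {"Zone1": ["port1"], "Zone2": ["port2", "port3"]}
ORIGINAL = [{"id": 1, "srcintf": ["port1"], "dstintf": ["port2"]},
            {"id": 2, "srcintf": ["port3"], "dstintf": ["port1"]}]
```

Comparing the policy set before and after a zone change with a check like `widened` shows which rules now cover interfaces they did not cover before, so they can be reviewed before the configuration is imported.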
