firewall {policy46 | policy64}
Use this command to configure IPv6 <-> IPv4 policies.
- Use config firewall policy46 for IPv4-to-IPv6 policies
- Use config firewall policy64 for IPv6-to-IPv4 policies
Each policy has a Universally Unique IDentifier (UUID) that is automatically assigned. To view it, use the command get firewall policy46 or get firewall policy64 and look for the uuid field.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
set ippool {enable \| disable} set poolname <name> | Enable or disable the use of IP pools for NAT46 policies. |
```
config firewall policy46
    edit {policyid}
    # Configure IPv4 to IPv6 policies.
        set permit-any-host {enable | disable}   Enable/disable allowing any host.
        set policyid {integer}   Policy ID. range[0-4294967294]
        set uuid {uuid}   Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
        set srcintf {string}   Source interface name. size[35] - datasource(s): system.zone.name,system.interface.name
        set dstintf {string}   Destination interface name. size[35] - datasource(s): system.interface.name,system.zone.name
        config srcaddr
            edit {name}
            # Source address objects.
                set name {string}   Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
            next
        config dstaddr
            edit {name}
            # Destination address objects.
                set name {string}   Address name. size[64] - datasource(s): firewall.vip46.name,firewall.vipgrp46.name
            next
        set action {accept | deny}   Accept or deny traffic matching the policy.
                accept    Accept matching traffic.
                deny      Deny matching traffic.
        set status {enable | disable}   Enable/disable this policy.
        set schedule {string}   Schedule name. size[35] - datasource(s): firewall.schedule.onetime.name,firewall.schedule.recurring.name,firewall.schedule.group.name
        config service
            edit {name}
            # Service name.
                set name {string}   Service name. size[64] - datasource(s): firewall.service.custom.name,firewall.service.group.name
            next
        set logtraffic {enable | disable}   Enable/disable traffic logging for this policy.
        set traffic-shaper {string}   Traffic shaper. size[35] - datasource(s): firewall.shaper.traffic-shaper.name
        set traffic-shaper-reverse {string}   Reverse traffic shaper. size[35] - datasource(s): firewall.shaper.traffic-shaper.name
        set per-ip-shaper {string}   Per IP traffic shaper. size[35] - datasource(s): firewall.shaper.per-ip-shaper.name
        set fixedport {enable | disable}   Enable/disable fixed port for this policy.
        set tcp-mss-sender {integer}   TCP Maximum Segment Size value of sender (0 - 65535, default = 0). range[0-65535]
        set tcp-mss-receiver {integer}   TCP Maximum Segment Size value of receiver (0 - 65535, default = 0) range[0-65535]
        set comments {string}   Comment. size[1023]
        set ippool {enable | disable}   Enable/disable use of IP Pools for source NAT.
        config poolname
            edit {name}
            # IP Pool names.
                set name {string}   IP pool name. size[64] - datasource(s): firewall.ippool6.name
            next
    next
end
```
```
config firewall policy64
    edit {policyid}
    # Configure IPv6 to IPv4 policies.
        set policyid {integer}   Policy ID. range[0-4294967294]
        set uuid {uuid}   Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
        set srcintf {string}   Source interface name. size[35] - datasource(s): system.zone.name,system.interface.name
        set dstintf {string}   Destination interface name. size[35] - datasource(s): system.interface.name,system.zone.name
        config srcaddr
            edit {name}
            # Source address name.
                set name {string}   Address name. size[64] - datasource(s): firewall.address6.name,firewall.addrgrp6.name
            next
        config dstaddr
            edit {name}
            # Destination address name.
                set name {string}   Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name,firewall.vip64.name,firewall.vipgrp64.name
            next
        set action {accept | deny}   Policy action.
                accept    Action accept.
                deny      Action deny.
        set status {enable | disable}   Enable/disable policy status.
        set schedule {string}   Schedule name. size[35] - datasource(s): firewall.schedule.onetime.name,firewall.schedule.recurring.name,firewall.schedule.group.name
        config service
            edit {name}
            # Service name.
                set name {string}   Address name. size[64] - datasource(s): firewall.service.custom.name,firewall.service.group.name
            next
        set logtraffic {enable | disable}   Enable/disable policy log traffic.
        set permit-any-host {enable | disable}   Enable/disable permit any host in.
        set traffic-shaper {string}   Traffic shaper. size[35] - datasource(s): firewall.shaper.traffic-shaper.name
        set traffic-shaper-reverse {string}   Reverse traffic shaper. size[35] - datasource(s): firewall.shaper.traffic-shaper.name
        set per-ip-shaper {string}   Per-IP traffic shaper. size[35] - datasource(s): firewall.shaper.per-ip-shaper.name
        set fixedport {enable | disable}   Enable/disable policy fixed port.
        set ippool {enable | disable}   Enable/disable policy64 IP pool.
        config poolname
            edit {name}
            # Policy IP pool names.
                set name {string}   IP pool name. size[64] - datasource(s): firewall.ippool.name
            next
        set tcp-mss-sender {integer}   TCP MSS value of sender. range[0-65535]
        set tcp-mss-receiver {integer}   TCP MSS value of receiver. range[0-65535]
        set comments {string}   Comment. size[1023]
    next
end
```
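As an added example (not part of the FortiOS reference), the Python below parses policy46 and policy64 tables from a configuration backup and lists enabled accept policies that have permit-any-host on, lack an explicit logtraffic enable, or enable ippool without naming a pool. The sample configuration is constructed, and the flat `set poolname "..."` form, the function names and the choice of checks are assumptions.

```python
import shlex

TABLES = {"firewall policy46": "policy46", "firewall policy64": "policy64"}
# Constructed excerpt in the style of a FortiOS config backup (not from a real device).
SAMPLE = """
config firewall policy46
    edit 1
        set permit-any-host enable
        set action accept
        set ippool enable
    next
end
config firewall policy64
    edit 7
        set action accept
        set logtraffic enable
        set ippool enable
        set poolname "pool4-out"
    next
end
"""

def parse_policies(text):
    """Return {(table, policyid): {option: [values]}} for policy46/policy64."""
    out, depth, table, opts = {}, 0, None, None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "end"):
            depth += 1 if tok[0] == "config" else -1
            if tok[0] == "config" and depth == 1:  # nested sub-tables are ignored
                table, opts = TABLES.get(" ".join(tok[1:])), None
        elif table and depth == 1 and tok[0] == "edit":
            opts = out.setdefault((table, int(tok[1])), {})
        elif table and depth == 1 and opts is not None and tok[0] == "set":
            opts[tok[1]] = tok[2:]
    return out

def audit(policies):
    """List (table, policyid, issue) for enabled accept policies worth a review."""
    found = []
    for (table, pid), o in sorted(policies.items()):
        if o.get("action") != ["accept"] or o.get("status") == ["disable"]:
            continue
        checks = {
            "permit-any-host enabled": o.get("permit-any-host") == ["enable"],
            "no explicit logtraffic enable": o.get("logtraffic") != ["enable"],
            "ippool enabled without poolname": o.get("ippool") == ["enable"] and not o.get("poolname"),
        }
        found += [(table, pid, issue) for issue, hit in checks.items() if hit]
    return found
```

Calling `audit(parse_policies(SAMPLE))` reports three issues for policy46 ID 1 and none for policy64 ID 7.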
Additional information
The following section is for those options that require additional explanation.