firewall {policy46 | policy64}
Use this command to configure IPv6 <-> IPv4 policies.
- Use config firewall policy46 for IPv4-to-IPv6 policies
- Use config firewall policy64 for IPv6-to-IPv4 policies
Each policy has a Universally Unique IDentifier (UUID) that is automatically assigned. To view it, use the command get firewall policy46 or get firewall policy64 and look for the uuid field.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
| Command | Description |
|---|---|
| set ippool {enable \| disable}, set poolname <name> | Enable or disable the use of IP pools for NAT46 policies. |
```
config firewall policy46
    edit {policyid}
    # Configure IPv4 to IPv6 policies.
        set permit-any-host {enable | disable} Enable/disable allowing any host.
        set policyid {integer} Policy ID. range[0-4294967294]
        set uuid {uuid} Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
        set srcintf {string} Source interface name. size[35] - datasource(s): system.zone.name,system.interface.name
        set dstintf {string} Destination interface name. size[35] - datasource(s): system.interface.name,system.zone.name
        config srcaddr
            edit {name}
            # Source address objects.
                set name {string} Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
            next
        end
        config dstaddr
            edit {name}
            # Destination address objects.
                set name {string} Address name. size[64] - datasource(s): firewall.vip46.name,firewall.vipgrp46.name
            next
        end
        set action {accept | deny} Accept or deny traffic matching the policy.
            accept Accept matching traffic.
            deny Deny matching traffic.
        set status {enable | disable} Enable/disable this policy.
        set schedule {string} Schedule name. size[35] - datasource(s): firewall.schedule.onetime.name,firewall.schedule.recurring.name,firewall.schedule.group.name
        config service
            edit {name}
            # Service name.
                set name {string} Service name. size[64] - datasource(s): firewall.service.custom.name,firewall.service.group.name
            next
        end
        set logtraffic {enable | disable} Enable/disable traffic logging for this policy.
        set traffic-shaper {string} Traffic shaper. size[35] - datasource(s): firewall.shaper.traffic-shaper.name
        set traffic-shaper-reverse {string} Reverse traffic shaper. size[35] - datasource(s): firewall.shaper.traffic-shaper.name
        set per-ip-shaper {string} Per IP traffic shaper. size[35] - datasource(s): firewall.shaper.per-ip-shaper.name
        set fixedport {enable | disable} Enable/disable fixed port for this policy.
        set tcp-mss-sender {integer} TCP Maximum Segment Size value of sender (0 - 65535, default = 0). range[0-65535]
        set tcp-mss-receiver {integer} TCP Maximum Segment Size value of receiver (0 - 65535, default = 0). range[0-65535]
        set comments {string} Comment. size[1023]
        set ippool {enable | disable} Enable/disable use of IP Pools for source NAT.
        config poolname
            edit {name}
            # IP Pool names.
                set name {string} IP pool name. size[64] - datasource(s): firewall.ippool6.name
            next
        end
    next
end
```
```
config firewall policy64
    edit {policyid}
    # Configure IPv6 to IPv4 policies.
        set policyid {integer} Policy ID. range[0-4294967294]
        set uuid {uuid} Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
        set srcintf {string} Source interface name. size[35] - datasource(s): system.zone.name,system.interface.name
        set dstintf {string} Destination interface name. size[35] - datasource(s): system.interface.name,system.zone.name
        config srcaddr
            edit {name}
            # Source address name.
                set name {string} Address name. size[64] - datasource(s): firewall.address6.name,firewall.addrgrp6.name
            next
        end
        config dstaddr
            edit {name}
            # Destination address name.
                set name {string} Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name,firewall.vip64.name,firewall.vipgrp64.name
            next
        end
        set action {accept | deny} Policy action.
            accept Action accept.
            deny Action deny.
        set status {enable | disable} Enable/disable policy status.
        set schedule {string} Schedule name. size[35] - datasource(s): firewall.schedule.onetime.name,firewall.schedule.recurring.name,firewall.schedule.group.name
        config service
            edit {name}
            # Service name.
                set name {string} Service name. size[64] - datasource(s): firewall.service.custom.name,firewall.service.group.name
            next
        end
        set logtraffic {enable | disable} Enable/disable policy log traffic.
        set permit-any-host {enable | disable} Enable/disable allowing any host.
        set traffic-shaper {string} Traffic shaper. size[35] - datasource(s): firewall.shaper.traffic-shaper.name
        set traffic-shaper-reverse {string} Reverse traffic shaper. size[35] - datasource(s): firewall.shaper.traffic-shaper.name
        set per-ip-shaper {string} Per-IP traffic shaper. size[35] - datasource(s): firewall.shaper.per-ip-shaper.name
        set fixedport {enable | disable} Enable/disable policy fixed port.
        set ippool {enable | disable} Enable/disable policy64 IP pool.
        config poolname
            edit {name}
            # Policy IP pool names.
                set name {string} IP pool name. size[64] - datasource(s): firewall.ippool.name
            next
        end
        set tcp-mss-sender {integer} TCP MSS value of sender. range[0-65535]
        set tcp-mss-receiver {integer} TCP MSS value of receiver. range[0-65535]
        set comments {string} Comment. size[1023]
    next
end
```
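A configuration review can read the action, status, logtraffic and permit-any-host options listed above straight from a saved configuration. The following Python sketch is an added example, not Fortinet code: it parses policy46 and policy64 tables and reports enabled accept policies that do not log traffic or that permit any host. It assumes the input comes from show full-configuration, so every option is written out explicitly; the sample text and the choice of what to flag are constructed for illustration.

```python
# Constructed sample shaped like show full-configuration output, trimmed to the options read.
SAMPLE = """\
config firewall policy46
    edit 1
        set action accept
        set logtraffic enable
        set permit-any-host disable
    next
    edit 2
        set action accept
        set logtraffic disable
        set permit-any-host enable
    next
end
"""

def parse_policies(text):
    """Return {(table, policyid): {option: value}} for policy46/policy64 tables."""
    policies, table, pid, depth = {}, None, None, 0
    for line in map(str.strip, text.splitlines()):
        if depth == 0 and line in ("config firewall policy46", "config firewall policy64"):
            table, pid, depth = line.split()[-1], None, 1
        elif table is None:
            continue                      # outside the two tables of interest
        elif line.startswith("config "):  # nested table, e.g. config srcaddr
            depth += 1
        elif line == "end":
            depth -= 1
            table = table if depth else None
        elif depth == 1 and line.startswith("edit "):
            pid = line.split(None, 1)[1]
            policies[(table, pid)] = {}
        elif depth == 1 and pid and line.startswith("set "):
            _, key, *val = line.split(None, 2)
            policies[(table, pid)][key] = val[0].strip('"') if val else ""
    return policies

def audit(policies):
    """Flag enabled accept policies that are unlogged or permit any host."""
    findings = []
    for (table, pid), opts in sorted(policies.items()):
        if opts.get("status") == "disable" or opts.get("action") != "accept":
            continue
        if opts.get("logtraffic") != "enable":
            findings.append((table, pid, "logtraffic not enabled"))
        if opts.get("permit-any-host") == "enable":
            findings.append((table, pid, "permit-any-host enabled"))
    return findings
```

Calling audit(parse_policies(SAMPLE)) reports both findings for policy46 ID 2 and nothing for ID 1.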
Additional information
The following section is for those options that require additional explanation.