firewall {local-in-policy | local-in-policy6}
Use these commands to create firewall policies for traffic destined for the FortiGate unit itself.
Command | Description
---|---
`set comments [comment]` | Comments field added, for both `local-in-policy` and `local-in-policy6`.
```
config firewall local-in-policy
    edit {policyid}
    # Configure user defined IPv4 local-in policies.
        set policyid {integer}   User defined local in policy ID. range[0-4294967295]
        set ha-mgmt-intf-only {enable | disable}   Enable/disable dedicating the HA management interface only for local-in policy.
        set intf {string}   Incoming interface name from available options. size[35] - datasource(s): system.zone.name,system.interface.name
        config srcaddr
            edit {name}
            # Source address object from available options.
                set name {string}   Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
            next
        config dstaddr
            edit {name}
            # Destination address object from available options.
                set name {string}   Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
            next
        set action {accept | deny}   Action performed on traffic matching the policy (default = deny).
                accept   Allow traffic matching this policy.
                deny     Deny or block traffic matching this policy.
        config service
            edit {name}
            # Service object from available options.
                set name {string}   Service name. size[64] - datasource(s): firewall.service.custom.name,firewall.service.group.name
            next
        set schedule {string}   Schedule object from available options. size[35] - datasource(s): firewall.schedule.onetime.name,firewall.schedule.recurring.name,firewall.schedule.group.name
        set status {enable | disable}   Enable/disable this local-in policy.
        set comments {string}   Comment. size[1023]
    next
end
```
```
config firewall local-in-policy6
    edit {policyid}
    # Configure user defined IPv6 local-in policies.
        set policyid {integer}   User defined local in policy ID. range[0-4294967295]
        set intf {string}   Incoming interface name from available options. size[35] - datasource(s): system.zone.name,system.interface.name
        config srcaddr
            edit {name}
            # Source address object from available options.
                set name {string}   Address name. size[64] - datasource(s): firewall.address6.name,firewall.addrgrp6.name
            next
        config dstaddr
            edit {name}
            # Destination address object from available options.
                set name {string}   Address name. size[64] - datasource(s): firewall.address6.name,firewall.addrgrp6.name
            next
        set action {accept | deny}   Action performed on traffic matching the policy (default = deny).
                accept   Allow local-in traffic matching this policy.
                deny     Deny or block local-in traffic matching this policy.
        config service
            edit {name}
            # Service object from available options. Separate names with a space.
                set name {string}   Service name. size[64] - datasource(s): firewall.service.custom.name,firewall.service.group.name
            next
        set schedule {string}   Schedule object from available options. size[35] - datasource(s): firewall.schedule.onetime.name,firewall.schedule.recurring.name,firewall.schedule.group.name
        set status {enable | disable}   Enable/disable this local-in policy.
        set comments {string}   Comment. size[1023]
    next
end
```
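As an added example (not Fortinet's code and not part of this reference), the following Python parses a `local-in-policy` block in `show` output form, applies the defaults and size limits documented above, and flags enabled `accept` entries whose `srcaddr` is `all`, i.e. management services reachable from any source on that interface. The sample config, interface name and address names are constructed.

```python
import re

# Limits and defaults taken from the local-in-policy reference above.
MAX_LEN = {"intf": 35, "schedule": 35, "comments": 1023}
MULTI = ("srcaddr", "dstaddr", "service")  # fields holding space-separated name lists

# Constructed sample in 'show' output form; not taken from a real device.
SAMPLE = '''config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "mgmt-hosts"
        set action accept
        set service "HTTPS" "SSH"
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set action accept
        set service "HTTPS"
    next
end'''

def parse_local_in_policies(text):
    """One dict per 'edit' entry; unset fields keep the reference defaults."""
    policies, cur = [], None
    for line in text.splitlines():
        tok = line.split()
        if tok and tok[0] == "edit":              # start of a policy entry
            cur = {"policyid": int(tok[1]), "action": "deny", "status": "enable",
                   "srcaddr": [], "dstaddr": [], "service": []}
        elif tok and tok[0] == "set" and cur:     # values may be quoted or bare
            vals = [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', line)][2:]
            cur[tok[1]] = vals if tok[1] in MULTI else vals[0]
        elif tok and tok[0] == "next" and cur:    # end of the entry
            policies.append(cur)
            cur = None
    return policies

def lint(policies):
    """Flag entries that break documented size limits or accept from any source."""
    findings = []
    for p in policies:
        pid = p["policyid"]
        for field, limit in MAX_LEN.items():
            if len(p.get(field, "")) > limit:
                findings.append(f"policy {pid}: {field} exceeds size[{limit}]")
        if p["action"] == "accept" and p["status"] == "enable" and "all" in p["srcaddr"]:
            findings.append(f"policy {pid}: accepts {' '.join(p['service'])} on "
                            f"{p.get('intf')} from any source")
    return findings
```

Run `lint(parse_local_in_policies(SAMPLE))` to see policy 2 reported; feed it the output of `show firewall local-in-policy` to audit a real configuration.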
Additional information
The following section is for those options that require additional explanation.