Fortinet Document Library

New Features

6.2.0

Firewall - Anti-Replay Option Per-Policy

When the global anti-replay option is disabled, the FortiGate does not check TCP flags in packets on any policy. This feature adds a per-policy anti-replay option that overrides the global setting, so TCP flag checking can be turned on or off for individual policies. A typical use is to keep the global option disabled for traffic that is asymmetrically routed (where only one direction of a session passes through the FortiGate and the checks would drop legitimate packets) while re-enabling the checks on policies whose sessions are fully visible.

In this example, a policy is created with the anti-replay option enabled so that TCP flags are checked on traffic matching this policy regardless of the global setting (the any/any address and service match is only there to keep the example short):

config firewall policy
    edit 1
        set name "policyid-1"
        set uuid dfcaec9c-e925-51e8-cf3e-fed9a1d42a1c
        set srcintf "wan2"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set anti-replay enable
        set logtraffic all
        set nat enable
    next
end
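As an added example (not from the Fortinet page and not a Fortinet tool), the following Python script audits a FortiOS configuration backup and reports, for each firewall policy, whether TCP flag checking is effectively on once the global setting and any per-policy override are combined. It assumes the global knob is `set anti-replay {disable | loose | strict}` under `config system global` with `strict` as the default, and that a policy with no explicit `set anti-replay` line inherits the global state because backups omit default values; the sample configuration is constructed, not captured from a device.

```python
"""Audit a FortiOS config backup: is TCP flag checking (anti-replay)
effective on each firewall policy?

Added example, not Fortinet code. Assumptions not stated on the page:
- global knob is `set anti-replay {disable|loose|strict}` under
  `config system global`, defaulting to strict;
- a policy without an explicit `set anti-replay` line inherits the
  global state (backups omit defaults, so absence is not "disabled").
"""
import shlex
from dataclasses import dataclass

# Constructed sample backup (not captured from a real device).
SAMPLE_CONFIG = """\
config system global
    set hostname "fgt-edge"
    set anti-replay disable
end
config firewall policy
    edit 1
        set name "policyid-1"
        set srcintf "wan2"
        set dstintf "wan1"
        set action accept
        set service "ALL"
        set anti-replay enable
    next
    edit 2
        set name "asym-route-exception"
        set srcintf "port3"
        set dstintf "port4"
        set action accept
        set anti-replay disable
    next
    edit 3
        set name "inherits-global"
        set srcintf "port5"
        set dstintf "port6"
        set action accept
    next
end
"""


def parse_fortios(text):
    """Parse config/edit/set/next/end text into nested dicts keyed by
    table name (e.g. "firewall policy") and then by edit id ("1")."""
    root, path = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)          # handles quoted values
        kw = tokens[0]
        if kw == "config":
            path.append(" ".join(tokens[1:]))
        elif kw == "edit":
            path.append(tokens[1])
        elif kw in ("next", "end"):
            if path:
                path.pop()
        elif kw == "set":
            node = root
            for name in path:
                node = node.setdefault(name, {})
            node[tokens[1]] = " ".join(tokens[2:])
    return root


@dataclass
class PolicyCheck:
    policy_id: str
    name: str
    tcp_flags_checked: bool
    decided_by: str  # "policy" if the per-policy option is set, else "global"


def audit_anti_replay(config):
    """Return one PolicyCheck per firewall policy, in config order."""
    # Assumption: strict is the global default when the line is absent.
    global_mode = config.get("system global", {}).get("anti-replay", "strict")
    global_checks = global_mode != "disable"
    results = []
    for pid, attrs in config.get("firewall policy", {}).items():
        explicit = attrs.get("anti-replay")
        if explicit is None:
            checked, decided_by = global_checks, "global"
        else:
            # The per-policy value overrides the global setting.
            checked, decided_by = explicit == "enable", "policy"
        results.append(PolicyCheck(pid, attrs.get("name", ""), checked, decided_by))
    return results


def unchecked_policies(config):
    """IDs of policies that will pass TCP packets without flag checking."""
    return [r.policy_id for r in audit_anti_replay(config) if not r.tcp_flags_checked]


if __name__ == "__main__":
    cfg = parse_fortios(SAMPLE_CONFIG)
    for r in audit_anti_replay(cfg):
        state = "checked" if r.tcp_flags_checked else "NOT checked"
        print(f"policy {r.policy_id} ({r.name}): TCP flags {state} [{r.decided_by}]")
```

Feed it the output of `show full-configuration` rather than a plain `show` or backup: that command prints default values explicitly, so the inheritance assumption is never needed and every policy's state comes straight from the device.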
