Fortinet black logo

CLI Reference

firewall policy46

Configure IPv4 to IPv6 policies.

  config firewall policy46
      Description: Configure IPv4 to IPv6 policies.
      edit <policyid>
          set permit-any-host [enable|disable]
          set uuid {uuid}
          set srcintf {string}
          set dstintf {string}
          set srcaddr <name1>, <name2>, ...
          set dstaddr <name1>, <name2>, ...
          set action [accept|deny]
          set status [enable|disable]
          set schedule {string}
          set service <name1>, <name2>, ...
          set logtraffic [enable|disable]
          set logtraffic-start [enable|disable]
          set traffic-shaper {string}
          set traffic-shaper-reverse {string}
          set per-ip-shaper {string}
          set fixedport [enable|disable]
          set tcp-mss-sender {integer}
          set tcp-mss-receiver {integer}
          set comments {var-string}
          set ippool [enable|disable]
          set poolname <name1>, <name2>, ...
      next
  end

config firewall policy46

Parameter Name Description Type Size
permit-any-host Enable/disable allowing any host.
enable: Allow any host.
disable: Do not allow any host.
option -
uuid Universally Unique Identifier (UUID; automatically assigned but can be manually reset). uuid Not Specified
srcintf Source interface name. string Maximum length: 35
dstintf Destination interface name. string Maximum length: 35
srcaddr <name> Source address objects.
Address name.
string Maximum length: 79
dstaddr <name> Destination address objects.
Address name.
string Maximum length: 79
action Accept or deny traffic matching the policy.
accept: Accept matching traffic.
deny: Deny matching traffic.
option -
status Enable/disable this policy.
enable: Enable this policy.
disable: Disable this policy.
option -
schedule Schedule name. string Maximum length: 35
service <name> Service name.
Service name.
string Maximum length: 79
logtraffic Enable/disable traffic logging for this policy.
enable: Enable traffic logging.
disable: Disable traffic logging.
option -
logtraffic-start Record logs when a session starts and ends.
enable: Enable setting.
disable: Disable setting.
option -
traffic-shaper Traffic shaper. string Maximum length: 35
traffic-shaper-reverse Reverse traffic shaper. string Maximum length: 35
per-ip-shaper Per IP traffic shaper. string Maximum length: 35
fixedport Enable/disable fixed port for this policy.
enable: Enable fixed port for this policy.
disable: Disable fixed port for this policy.
option -
tcp-mss-sender TCP Maximum Segment Size value of sender (0 - 65535, default = 0). integer Minimum value: 0 Maximum value: 65535
tcp-mss-receiver TCP Maximum Segment Size value of receiver (0 - 65535, default = 0) integer Minimum value: 0 Maximum value: 65535
comments Comment. var-string Maximum length: 1023
ippool Enable/disable use of IP Pools for source NAT.
enable: Enable use of IP Pools for source NAT.
disable: Disable use of IP Pools for source NAT.
option -
poolname <name> IP Pool names.
IP pool name.
string Maximum length: 79

Configure IPv4 to IPv6 policies.

  config firewall policy46
      Description: Configure IPv4 to IPv6 policies.
      edit <policyid>
          set permit-any-host [enable|disable]
          set uuid {uuid}
          set srcintf {string}
          set dstintf {string}
          set srcaddr <name1>, <name2>, ...
          set dstaddr <name1>, <name2>, ...
          set action [accept|deny]
          set status [enable|disable]
          set schedule {string}
          set service <name1>, <name2>, ...
          set logtraffic [enable|disable]
          set logtraffic-start [enable|disable]
          set traffic-shaper {string}
          set traffic-shaper-reverse {string}
          set per-ip-shaper {string}
          set fixedport [enable|disable]
          set tcp-mss-sender {integer}
          set tcp-mss-receiver {integer}
          set comments {var-string}
          set ippool [enable|disable]
          set poolname <name1>, <name2>, ...
      next
  end

config firewall policy46

Parameter Name Description Type Size
permit-any-host Enable/disable allowing any host.
enable: Allow any host.
disable: Do not allow any host.
option -
uuid Universally Unique Identifier (UUID; automatically assigned but can be manually reset). uuid Not Specified
srcintf Source interface name. string Maximum length: 35
dstintf Destination interface name. string Maximum length: 35
srcaddr <name> Source address objects.
Address name.
string Maximum length: 79
dstaddr <name> Destination address objects.
Address name.
string Maximum length: 79
action Accept or deny traffic matching the policy.
accept: Accept matching traffic.
deny: Deny matching traffic.
option -
status Enable/disable this policy.
enable: Enable this policy.
disable: Disable this policy.
option -
schedule Schedule name. string Maximum length: 35
service <name> Service name.
Service name.
string Maximum length: 79
logtraffic Enable/disable traffic logging for this policy.
enable: Enable traffic logging.
disable: Disable traffic logging.
option -
logtraffic-start Record logs when a session starts and ends.
enable: Enable setting.
disable: Disable setting.
option -
traffic-shaper Traffic shaper. string Maximum length: 35
traffic-shaper-reverse Reverse traffic shaper. string Maximum length: 35
per-ip-shaper Per IP traffic shaper. string Maximum length: 35
fixedport Enable/disable fixed port for this policy.
enable: Enable fixed port for this policy.
disable: Disable fixed port for this policy.
option -
tcp-mss-sender TCP Maximum Segment Size value of sender (0 - 65535, default = 0). integer Minimum value: 0 Maximum value: 65535
tcp-mss-receiver TCP Maximum Segment Size value of receiver (0 - 65535, default = 0) integer Minimum value: 0 Maximum value: 65535
comments Comment. var-string Maximum length: 1023
ippool Enable/disable use of IP Pools for source NAT.
enable: Enable use of IP Pools for source NAT.
disable: Disable use of IP Pools for source NAT.
option -
poolname <name> IP Pool names.
IP pool name.
string Maximum length: 79