CLI Reference

config firewall interface-policy

Configure IPv4 interface policies.

    config firewall interface-policy
        Description: Configure IPv4 interface policies.
        edit <policyid>
            set status [enable|disable]
            set comments {var-string}
            set logtraffic [all|utm|...]
            set interface {string}
            set srcaddr <name1>, <name2>, ...
            set dstaddr <name1>, <name2>, ...
            set service <name1>, <name2>, ...
            set application-list-status [enable|disable]
            set application-list {string}
            set ips-sensor-status [enable|disable]
            set ips-sensor {string}
            set dsri [enable|disable]
            set av-profile-status [enable|disable]
            set av-profile {string}
            set webfilter-profile-status [enable|disable]
            set webfilter-profile {string}
            set emailfilter-profile-status [enable|disable]
            set emailfilter-profile {string}
            set dlp-sensor-status [enable|disable]
            set dlp-sensor {string}
        next
    end

config firewall interface-policy

| Parameter name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable this policy. Options: enable (Enable this policy.), disable (Disable this policy.) | option | - |
| comments | Comments. | var-string | Maximum length: 1023 |
| logtraffic | Logging type to be used in this policy (Options: all \| utm \| disable, Default: utm). Options: all (Log all sessions accepted or denied by this policy.), utm (Log traffic that has a security profile applied to it.), disable (Disable all logging for this policy.) | option | - |
| interface | Monitored interface name from available interfaces. | string | Maximum length: 35 |
| srcaddr <name> | Address object to limit traffic monitoring to network traffic sent from the specified address or range. Address name. | string | Maximum length: 79 |
| dstaddr <name> | Address object to limit traffic monitoring to network traffic sent to the specified address or range. Address name. | string | Maximum length: 79 |
| service <name> | Service object from available options. Service name. | string | Maximum length: 79 |
| application-list-status | Enable/disable application control. Options: enable (Enable application control), disable (Disable application control) | option | - |
| application-list | Application list name. | string | Maximum length: 35 |
| ips-sensor-status | Enable/disable IPS. Options: enable (Enable IPS.), disable (Disable IPS.) | option | - |
| ips-sensor | IPS sensor name. | string | Maximum length: 35 |
| dsri | Enable/disable DSRI. Options: enable (Enable DSRI.), disable (Disable DSRI.) | option | - |
| av-profile-status | Enable/disable antivirus. Options: enable (Enable antivirus), disable (Disable antivirus) | option | - |
| av-profile | Antivirus profile. | string | Maximum length: 35 |
| webfilter-profile-status | Enable/disable web filtering. Options: enable (Enable web filtering.), disable (Disable web filtering.) | option | - |
| webfilter-profile | Web filter profile. | string | Maximum length: 35 |
| emailfilter-profile-status | Enable/disable email filter. Options: enable (Enable Email filter.), disable (Disable Email filter.) | option | - |
| emailfilter-profile | Email filter profile. | string | Maximum length: 35 |
| dlp-sensor-status | Enable/disable DLP. Options: enable (Enable setting.), disable (Disable setting.) | option | - |
| dlp-sensor | DLP sensor name. | string | Maximum length: 35 |
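
An added example, not part of the Fortinet reference: a Python audit of a saved `config firewall interface-policy` block against the parameters listed above. It flags `logtraffic disable`, a `*-status enable` with no named profile or sensor (a review rule assumed here, not a statement of FortiOS behaviour), and values over the listed maximum lengths. The sample config, its quoted space-separated value syntax, and the names `port1`, `port2` and `default` are constructed assumptions.

```python
import shlex

# Each <x>-status option on this page gates the profile or sensor named by <x>.
PROFILES = ["application-list", "ips-sensor", "av-profile",
            "webfilter-profile", "emailfilter-profile", "dlp-sensor"]
MAXLEN = {"interface": 35, "srcaddr": 79, "dstaddr": 79, "service": 79,
          "comments": 1023, **dict.fromkeys(PROFILES, 35)}

# Constructed sample; "port1", "port2" and "default" are assumed object names.
SAMPLE = """config firewall interface-policy
    edit 1
        set logtraffic all
        set interface "port1"
        set ips-sensor-status enable
        set ips-sensor "default"
    next
    edit 2
        set interface "port2"
        set logtraffic disable
        set av-profile-status enable
    next
end"""

def parse(text):
    """Return {policyid: {parameter: [values]}} from one config block."""
    policies, current = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)  # handles quoted values containing spaces
        if tok[:1] == ["edit"] and len(tok) == 2:
            current = policies.setdefault(tok[1], {})
        elif tok[:1] == ["set"] and len(tok) >= 3 and current is not None:
            current[tok[1]] = tok[2:]
        elif tok[:1] == ["next"]:
            current = None
    return policies

def audit(policies):
    """Return sorted (policyid, finding) tuples for review."""
    out = []
    for pid, p in policies.items():
        if p.get("logtraffic") == ["disable"]:
            out.append((pid, "logtraffic disable: no logging for this policy"))
        for name in PROFILES:
            if p.get(name + "-status") == ["enable"] and name not in p:
                out.append((pid, f"{name}-status enable but {name} not set"))
        for key, limit in MAXLEN.items():
            out += [(pid, f"{key} value exceeds {limit} characters")
                    for v in p.get(key, []) if len(v) > limit]
    return sorted(out)
```

Calling `audit(parse(SAMPLE))` reports two findings for policy 2 and none for policy 1.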
