Updating policy packages
After editing normalized interfaces for devices, we can use the interfaces in our firewall policies. For example, we can use the interfaces to allow the Guest network to access to the underlay exclusively with specific security profiles. On the other hand, the wireless and wired networks get access to the overlay/underlay with different security profiles.
This topic contains the following sections:
- Creating interface subnet objects
- Creating policy packages for multiple branches
- Installing policy package changes to FortiGate
Creating interface subnet objects
To map the source networks, we can create new firewall address objects of type Interface subnet that will be dynamically mapped to the source interface subnet when FortiManager pushes the policy to the FortiGate.
To create interface subnet objects:
- Go to Policy & Objects > Object Configurations > Firewall Objects > Addresses, and click Create New. The Create New Address pane is displayed.
- In the Address Name box, type a name for the address, such as Wireless_Lan_Network.
- In the Type list, select Interface Subnet.
- Complete the remaining options, and click OK to save the object.
Creating policy packages for multiple branches
Below is an example of a simple policy package that can be deployed to multiple branches on the Policy & Objects > Policy Packages pane:
Installing policy package changes to FortiGate
As we selected this policy package while creating the FortiGate model device, we can install the changes using the Install > Install Wizard > Policy Package:
The following example shows that the Branches policy package was successfully installed to the device.