6.4.0

Updating policy packages


After editing normalized interfaces for devices, we can use the interfaces in our firewall policies. For example, we can use the interfaces to allow the Guest network to access the underlay exclusively, with specific security profiles, while the wireless and wired networks get access to the overlay/underlay with different security profiles.

This topic contains the following sections:

Creating interface subnet objects

To map the source networks, we can create new firewall address objects of type Interface Subnet. Each object is dynamically mapped to the source interface subnet when FortiManager pushes the policy to the FortiGate.

To create interface subnet objects:
  1. Go to Policy & Objects > Object Configurations > Firewall Objects > Addresses, and click Create New. The Create New Address pane is displayed.
  2. In the Address Name box, type a name for the address, such as Wireless_Lan_Network.
  3. In the Type list, select Interface Subnet.
  4. Complete the remaining options, and click OK to save the object.

Creating policy packages for multiple branches

Below is an example of a simple policy package that can be deployed to multiple branches on the Policy & Objects > Policy Packages pane:

Installing policy package changes to FortiGate

Because we selected this policy package while creating the FortiGate model device, we can install the changes by using Install > Install Wizard > Policy Package:

The following example shows that the Branches policy package was successfully installed to the device.
