Fortinet black logo

CLI Reference

config firewall multicast-policy

config firewall multicast-policy

Configure multicast NAT policies.

config firewall multicast-policy
    Description: Configure multicast NAT policies.
    edit <id>
        set action [accept|deny]
        set auto-asic-offload [enable|disable]
        set comments {var-string}
        set dnat {ipv4-address-any}
        set dstaddr <name1>, <name2>, ...
        set dstintf {string}
        set end-port {integer}
        set logtraffic [enable|disable]
        set name {string}
        set protocol {integer}
        set snat [enable|disable]
        set snat-ip {ipv4-address}
        set srcaddr <name1>, <name2>, ...
        set srcintf {string}
        set start-port {integer}
        set status [enable|disable]
        set uuid {uuid}
    next
end

config firewall multicast-policy

Parameter

Description

Type

Size

Default

action

Accept or deny traffic matching the policy.

option

-

accept

Option

Description

accept

Accept traffic matching the policy.

deny

Deny or block traffic matching the policy.

auto-asic-offload *

Enable/disable offloading policy traffic for hardware acceleration.

option

-

enable

Option

Description

enable

Enable hardware acceleration offloading.

disable

Disable offloading for hardware acceleration.

comments

Comment.

var-string

Maximum length: 1023

dnat

IPv4 DNAT address used for multicast destination addresses.

ipv4-address-any

Not Specified

0.0.0.0

dstaddr <name>

Destination address objects.

Destination address objects.

string

Maximum length: 79

dstintf

Destination interface name.

string

Maximum length: 35

end-port

Integer value for ending TCP/UDP/SCTP destination port in range.

integer

Minimum value: 0 Maximum value: 65535

65535

id

Policy ID.

integer

Minimum value: 0 Maximum value: 4294967294

0

logtraffic

Enable/disable logging traffic accepted by this policy.

option

-

disable

Option

Description

enable

Enable logging traffic accepted by this policy.

disable

Disable logging traffic accepted by this policy.

name

Policy name.

string

Maximum length: 35

protocol

Integer value for the protocol type as defined by IANA.

integer

Minimum value: 0 Maximum value: 255

0

snat

Enable/disable substitution of the outgoing interface IP address for the original source IP address (called source NAT or SNAT).

option

-

disable

Option

Description

enable

Enable source NAT.

disable

Disable source NAT.

snat-ip

IPv4 address to be used as the source address for NATed traffic.

ipv4-address

Not Specified

0.0.0.0

srcaddr <name>

Source address objects.

Source address objects.

string

Maximum length: 79

srcintf

Source interface name.

string

Maximum length: 35

start-port

Integer value for starting TCP/UDP/SCTP destination port in range.

integer

Minimum value: 0 Maximum value: 65535

1

status

Enable/disable this policy.

option

-

enable

Option

Description

enable

Enable this policy.

disable

Disable this policy.

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

00000000-0000-0000-0000-000000000000

* This parameter may not exist in some models.

config firewall multicast-policy

Configure multicast NAT policies.

config firewall multicast-policy
    Description: Configure multicast NAT policies.
    edit <id>
        set action [accept|deny]
        set auto-asic-offload [enable|disable]
        set comments {var-string}
        set dnat {ipv4-address-any}
        set dstaddr <name1>, <name2>, ...
        set dstintf {string}
        set end-port {integer}
        set logtraffic [enable|disable]
        set name {string}
        set protocol {integer}
        set snat [enable|disable]
        set snat-ip {ipv4-address}
        set srcaddr <name1>, <name2>, ...
        set srcintf {string}
        set start-port {integer}
        set status [enable|disable]
        set uuid {uuid}
    next
end

config firewall multicast-policy

Parameter

Description

Type

Size

Default

action

Accept or deny traffic matching the policy.

option

-

accept

Option

Description

accept

Accept traffic matching the policy.

deny

Deny or block traffic matching the policy.

auto-asic-offload *

Enable/disable offloading policy traffic for hardware acceleration.

option

-

enable

Option

Description

enable

Enable hardware acceleration offloading.

disable

Disable offloading for hardware acceleration.

comments

Comment.

var-string

Maximum length: 1023

dnat

IPv4 DNAT address used for multicast destination addresses.

ipv4-address-any

Not Specified

0.0.0.0

dstaddr <name>

Destination address objects.

Destination address objects.

string

Maximum length: 79

dstintf

Destination interface name.

string

Maximum length: 35

end-port

Integer value for ending TCP/UDP/SCTP destination port in range.

integer

Minimum value: 0 Maximum value: 65535

65535

id

Policy ID.

integer

Minimum value: 0 Maximum value: 4294967294

0

logtraffic

Enable/disable logging traffic accepted by this policy.

option

-

disable

Option

Description

enable

Enable logging traffic accepted by this policy.

disable

Disable logging traffic accepted by this policy.

name

Policy name.

string

Maximum length: 35

protocol

Integer value for the protocol type as defined by IANA.

integer

Minimum value: 0 Maximum value: 255

0

snat

Enable/disable substitution of the outgoing interface IP address for the original source IP address (called source NAT or SNAT).

option

-

disable

Option

Description

enable

Enable source NAT.

disable

Disable source NAT.

snat-ip

IPv4 address to be used as the source address for NATed traffic.

ipv4-address

Not Specified

0.0.0.0

srcaddr <name>

Source address objects.

Source address objects.

string

Maximum length: 79

srcintf

Source interface name.

string

Maximum length: 35

start-port

Integer value for starting TCP/UDP/SCTP destination port in range.

integer

Minimum value: 0 Maximum value: 65535

1

status

Enable/disable this policy.

option

-

enable

Option

Description

enable

Enable this policy.

disable

Disable this policy.

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

00000000-0000-0000-0000-000000000000

* This parameter may not exist in some models.