CLI Reference

config firewall local-in-policy

Configure user defined IPv4 local-in policies.

    config firewall local-in-policy
        Description: Configure user defined IPv4 local-in policies.
        edit <policyid>
            set uuid {uuid}
            set ha-mgmt-intf-only [enable|disable]
            set intf {string}
            set srcaddr <name1>, <name2>, ...
            set srcaddr-negate [enable|disable]
            set dstaddr <name1>, <name2>, ...
            set dstaddr-negate [enable|disable]
            set action [accept|deny]
            set service <name1>, <name2>, ...
            set service-negate [enable|disable]
            set schedule {string}
            set status [enable|disable]
            set comments {var-string}
        next
    end

config firewall local-in-policy

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| uuid | Universally Unique Identifier (UUID; automatically assigned but can be manually reset). | uuid | Not Specified | 00000000-0000-0000-0000-000000000000 |
| ha-mgmt-intf-only | Enable/disable dedicating the HA management interface only for local-in policy. Options: enable (Enable dedicating HA management interface only for local-in policy.); disable (Disable dedicating HA management interface only for local-in policy.) | option | - | disable |
| intf | Incoming interface name from available options. | string | Maximum length: 35 | |
| srcaddr <name> | Source address object from available options. Address name. | string | Maximum length: 79 | |
| srcaddr-negate | When enabled srcaddr specifies what the source address must NOT be. Options: enable (Enable source address negate.); disable (Disable source address negate.) | option | - | disable |
| dstaddr <name> | Destination address object from available options. Address name. | string | Maximum length: 79 | |
| dstaddr-negate | When enabled dstaddr specifies what the destination address must NOT be. Options: enable (Enable destination address negate.); disable (Disable destination address negate.) | option | - | disable |
| action | Action performed on traffic matching the policy. Options: accept (Allow traffic matching this policy.); deny (Deny or block traffic matching this policy.) | option | - | deny |
| service <name> | Service object from available options. Service name. | string | Maximum length: 79 | |
| service-negate | When enabled service specifies what the service must NOT be. Options: enable (Enable negated service match.); disable (Disable negated service match.) | option | - | disable |
| schedule | Schedule object from available options. | string | Maximum length: 35 | |
| status | Enable/disable this local-in policy. Options: enable (Enable this local-in policy.); disable (Disable this local-in policy.) | option | - | enable |
| comments | Comment. | var-string | Maximum length: 1023 | |
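
As an added example (not part of the Fortinet reference), the policy below shows how srcaddr-negate combines with action deny: traffic to the listed services arriving on the interface is denied when its source is not in the named address object. The policy ID 1, the interface wan1 and the address object MGMT_TRUSTED are assumptions; HTTPS, SSH, the address all and the schedule always are assumed to exist as service, address and schedule objects on the device.

```fortios
# Added example, not from the Fortinet reference.
# Assumed names: policy ID 1, interface "wan1", address object "MGMT_TRUSTED".
# "HTTPS", "SSH", "all" and "always" are assumed to exist as objects on the device.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "MGMT_TRUSTED"
        set srcaddr-negate enable
        set dstaddr "all"
        set action deny
        set service "HTTPS" "SSH"
        set schedule "always"
        set status enable
        set comments "Deny HTTPS/SSH to the device from sources outside MGMT_TRUSTED"
    next
end
```

With srcaddr-negate left at its default of disable, the same policy would instead deny the trusted addresses, so check that flag alongside action when reviewing an exported configuration.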
