CLI Reference

config firewall interface-policy

Configure IPv4 interface policies.

config firewall interface-policy
    Description: Configure IPv4 interface policies.
    edit <policyid>
        set application-list {string}
        set application-list-status [enable|disable]
        set av-profile {string}
        set av-profile-status [enable|disable]
        set comments {var-string}
        set dlp-profile {string}
        set dlp-profile-status [enable|disable]
        set dsri [enable|disable]
        set dstaddr <name1>, <name2>, ...
        set emailfilter-profile {string}
        set emailfilter-profile-status [enable|disable]
        set interface {string}
        set ips-sensor {string}
        set ips-sensor-status [enable|disable]
        set logtraffic [all|utm|...]
        set service <name1>, <name2>, ...
        set srcaddr <name1>, <name2>, ...
        set status [enable|disable]
        set webfilter-profile {string}
        set webfilter-profile-status [enable|disable]
    next
end

config firewall interface-policy

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| application-list | Application list name. | string | Maximum length: 35 | |
| application-list-status | Enable/disable application control. Options: enable = Enable application control; disable = Disable application control | option | - | disable |
| av-profile | Antivirus profile. | string | Maximum length: 35 | |
| av-profile-status | Enable/disable antivirus. Options: enable = Enable antivirus; disable = Disable antivirus | option | - | disable |
| comments | Comments. | var-string | Maximum length: 1023 | |
| dlp-profile | DLP profile name. | string | Maximum length: 35 | |
| dlp-profile-status | Enable/disable DLP. Options: enable = Enable setting.; disable = Disable setting. | option | - | disable |
| dsri | Enable/disable DSRI. Options: enable = Enable DSRI.; disable = Disable DSRI. | option | - | disable |
| dstaddr <name> | Address object to limit traffic monitoring to network traffic sent to the specified address or range. Address name. | string | Maximum length: 79 | |
| emailfilter-profile | Email filter profile. | string | Maximum length: 35 | |
| emailfilter-profile-status | Enable/disable email filter. Options: enable = Enable Email filter.; disable = Disable Email filter. | option | - | disable |
| interface | Monitored interface name from available interfaces. | string | Maximum length: 35 | |
| ips-sensor | IPS sensor name. | string | Maximum length: 35 | |
| ips-sensor-status | Enable/disable IPS. Options: enable = Enable IPS.; disable = Disable IPS. | option | - | disable |
| logtraffic | Logging type to be used in this policy (Options: all \| utm \| disable, Default: utm). Options: all = Log all sessions accepted or denied by this policy.; utm = Log traffic that has a security profile applied to it.; disable = Disable all logging for this policy. | option | - | utm |
| policyid | Policy ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| service <name> | Service object from available options. Service name. | string | Maximum length: 79 | |
| srcaddr <name> | Address object to limit traffic monitoring to network traffic sent from the specified address or range. Address name. | string | Maximum length: 79 | |
| status | Enable/disable this policy. Options: enable = Enable this policy.; disable = Disable this policy. | option | - | enable |
| webfilter-profile | Web filter profile. | string | Maximum length: 35 | |
| webfilter-profile-status | Enable/disable web filtering. Options: enable = Enable web filtering.; disable = Disable web filtering. | option | - | disable |
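
Because every `*-status` option in the table defaults to `disable`, an interface policy that only names an interface applies no security profile. The following added example (not Fortinet code) audits the `config firewall interface-policy` section of a saved configuration and flags policies that are disabled, have no inspection feature enabled, or have `logtraffic` set to `disable`. The sample configuration, its profile names and the function names are constructed for illustration, and a single-VDOM configuration is assumed.

```python
# Defaults copied from the parameter table on this page.
DEFAULTS = {"status": "enable", "logtraffic": "utm"}
INSPECTION = ["application-list-status", "av-profile-status", "dlp-profile-status",
              "emailfilter-profile-status", "ips-sensor-status", "webfilter-profile-status"]
DEFAULTS.update(dict.fromkeys(INSPECTION, "disable"))

# Constructed sample in the layout of a configuration backup; all names are made up.
SAMPLE = """
config firewall interface-policy
    edit 1
        set interface "port1"
        set ips-sensor-status enable
        set ips-sensor "example-ips"
    next
    edit 2
        set interface "port2"
    next
    edit 3
        set interface "port3"
        set av-profile-status enable
        set av-profile "example-av"
        set logtraffic disable
    next
end
"""

def parse_policies(text):
    """Return {policyid: settings}, filling unset keys with the page's defaults."""
    policies, current, inside = {}, None, False
    for line in text.splitlines():
        words = line.split()
        if words[:3] == ["config", "firewall", "interface-policy"]:
            inside = True
        elif inside and words[:1] == ["end"]:
            inside = False
        elif inside and words[:1] == ["edit"] and len(words) > 1:
            current = policies.setdefault(int(words[1]), dict(DEFAULTS))
        elif inside and words[:1] == ["set"] and current is not None and len(words) > 2:
            current[words[1]] = " ".join(words[2:]).strip('"')
    return policies

def audit(text):
    """Return (policyid, finding) pairs for policies that inspect or log nothing."""
    findings = []
    for pid, p in sorted(parse_policies(text).items()):
        checks = [(p["status"] == "disable", "policy disabled"),
                  (not any(p[k] == "enable" for k in INSPECTION), "no inspection enabled"),
                  (p["logtraffic"] == "disable", "logging disabled")]
        findings += [(pid, msg) for hit, msg in checks if hit]
    return findings
```
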
