CLI Reference

config firewall multicast-policy

Configure multicast NAT policies.

config firewall multicast-policy
    Description: Configure multicast NAT policies.
    edit <id>
        set action [accept|deny]
        set auto-asic-offload [enable|disable]
        set comments {var-string}
        set dnat {ipv4-address-any}
        set dstaddr <name1>, <name2>, ...
        set dstintf {string}
        set end-port {integer}
        set ips-sensor {string}
        set logtraffic [all|utm|...]
        set name {string}
        set protocol {integer}
        set snat [enable|disable]
        set snat-ip {ipv4-address}
        set srcaddr <name1>, <name2>, ...
        set srcintf {string}
        set start-port {integer}
        set status [enable|disable]
        set traffic-shaper {string}
        set utm-status [enable|disable]
        set uuid {uuid}
    next
end

config firewall multicast-policy

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| action | Accept or deny traffic matching the policy. Options: accept = Accept traffic matching the policy; deny = Deny or block traffic matching the policy. | option | - | accept |
| auto-asic-offload * | Enable/disable offloading policy traffic for hardware acceleration. Options: enable = Enable hardware acceleration offloading; disable = Disable offloading for hardware acceleration. | option | - | enable |
| comments | Comment. | var-string | Maximum length: 1023 | |
| dnat | IPv4 DNAT address used for multicast destination addresses. | ipv4-address-any | Not Specified | 0.0.0.0 |
| dstaddr <name> | Destination address objects. | string | Maximum length: 79 | |
| dstintf | Destination interface name. | string | Maximum length: 35 | |
| end-port | Integer value for ending TCP/UDP/SCTP destination port in range. | integer | Minimum value: 0 Maximum value: 65535 | 65535 |
| id | Policy ID. | integer | Minimum value: 0 Maximum value: 4294967294 | 0 |
| ips-sensor | Name of an existing IPS sensor. | string | Maximum length: 35 | |
| logtraffic | Enable or disable logging. Log all sessions or security profile sessions. Options: all = Enable logging traffic accepted by this policy; utm = Log traffic that has a security profile applied to it; disable = Disable all logging for this policy. | option | - | utm |
| name | Policy name. | string | Maximum length: 35 | |
| protocol | Integer value for the protocol type as defined by IANA. | integer | Minimum value: 0 Maximum value: 255 | 0 |
| snat | Enable/disable substitution of the outgoing interface IP address for the original source IP address (called source NAT or SNAT). Options: enable = Enable source NAT; disable = Disable source NAT. | option | - | disable |
| snat-ip | IPv4 address to be used as the source address for NATed traffic. | ipv4-address | Not Specified | 0.0.0.0 |
| srcaddr <name> | Source address objects. | string | Maximum length: 79 | |
| srcintf | Source interface name. | string | Maximum length: 35 | |
| start-port | Integer value for starting TCP/UDP/SCTP destination port in range. | integer | Minimum value: 0 Maximum value: 65535 | 1 |
| status | Enable/disable this policy. Options: enable = Enable this policy; disable = Disable this policy. | option | - | enable |
| traffic-shaper | Traffic shaper to apply to traffic forwarded by the multicast policy. | string | Maximum length: 35 | |
| utm-status | Enable to add an IPS security profile to the policy. Options: enable = Enable setting; disable = Disable setting. | option | - | disable |
| uuid | Universally Unique Identifier (UUID; automatically assigned but can be manually reset). | uuid | Not Specified | 00000000-0000-0000-0000-000000000000 |

* This parameter may not exist in some models.
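
An added example, not part of the Fortinet reference: a small Python audit that reads a multicast-policy block, fills in the defaults listed in the table above, and flags enabled accept policies that are unlogged or have no IPS inspection. It assumes the pasted configuration omits settings left at their defaults; the sample policies and the sensor name are constructed.

```python
import shlex

# Defaults copied from the parameter table above. Assumption: the pasted
# configuration omits any setting that is still at its default value.
DEFAULTS = {"action": "accept", "status": "enable",
            "logtraffic": "utm", "utm-status": "disable"}

def parse_policies(text):
    """Return {policy id: {setting: value}} with table defaults filled in."""
    policies, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) == 2 and tokens[0] == "edit" and tokens[1].isdigit():
            current = policies.setdefault(int(tokens[1]), dict(DEFAULTS))
        elif tokens == ["next"]:
            current = None
        elif current is not None and len(tokens) >= 3 and tokens[0] == "set":
            current[tokens[1]] = " ".join(tokens[2:])
    return policies

def audit(text):
    """Return sorted (policy id, finding) pairs for enabled accept policies."""
    findings = []
    for pid, p in parse_policies(text).items():
        if p["status"] != "enable" or p["action"] != "accept":
            continue
        ips_on = p["utm-status"] == "enable"
        # "utm" logs only traffic that has a security profile applied, so with
        # utm-status disabled the policy produces no traffic log.
        if p["logtraffic"] == "disable" or (p["logtraffic"] == "utm" and not ips_on):
            findings.append((pid, "accepted traffic is not logged"))
        if not ips_on:
            findings.append((pid, "no IPS sensor applied"))
    return sorted(findings)

# Constructed sample; policy names and the sensor name are invented.
SAMPLE = """config firewall multicast-policy
    edit 1
        set name "video-feed"
    next
    edit 2
        set utm-status enable
        set ips-sensor "mcast-ips"
        set logtraffic all
    next
    edit 3
        set action deny
    next
end"""
```

Calling `audit(SAMPLE)` reports both findings for policy 1, which relies entirely on defaults, and nothing for policies 2 and 3.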
