Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiLAN Cloud User Guide

    Home FortiLAN Cloud 24.2.0 FortiLAN Cloud User Guide
    24.2.0
    24.2.0
    24.1.0
    23.4.0
    23.3.0
    23.2.0
    23.1.0
    22.4.0
    22.3.0

    ACL

    ACL

    Configure the following ACL Settings.

  • Parameter

    Description

    Density Mode

    		 Enable the ACL density mode.
    Trunk Load Balance Enable trunk load balancing.

    To configure Ingress (for incoming traffic), Egress (for outgoing traffic), and Preelookup (for processing traffic) policies, update the following parameters.

    Parameter

    Description
    ID A unique identifier for this profile. The valid range is 1 - 2048.
    Active Enable to activate the profile.
    Group ID A unique group identifier. The valid range is 1 - 2048.
    Ingress Interface All Enable to apply the profile to all interfaces.
    Ingress Interface The specific interfaces to apply the profile to.
    Schedule The schedule for when the ACL profile is enforced.

    Description

    The description for the profile.

    Classifier - Identification of packets that the policy is applied to, each packet is classified based on one or more criteria as per these configurations.

    VLAN ID to be matched

    The VLAN identifier to match.

    Cost of Service

    The cost of service (CoS) value to match. The valid range is 0 - 7, leave blank to disable this field.

    802.1Q CoS value to be matched

    The 802.1Q CoS value to match. The valid range is 0 - 7, leave blank to disable this field.

    Ethernet type to be matched

    The Ethernet type to match. The valid range is 1-65535.

    ACL Custom Service to be matched

    The pre-configured custom service type to match.

    Source MAC

    The source MAC address to match.

    Destination MAC

    The destination MAC address to match.

    Source IP Prefix

    The source IP address to match (IPv4 only).

    Destination IP Prefix

    The destination IP address to match IPv4 only).

    Action - If a packet matches the classifier criteria for a given ACL, different actions are applied to a packet based on these configurations.

    Count

    Enable to track the number of matching packets.

    Drop

    Enable to drop matching packets.

    Mirror Session Name

    The name of the mirror to use collect packets to analyze.

    Redirect Bcast Cpu

    Enable to redirect broadcast traffic to all ports including the CPU.

    Redirect Bcast No Cpu

    Enable to redirect broadcast traffic to all ports excluding the CPU.

    Outer VLAN Tag

    The outer VLAN tag.

    CoS Queue

    The CoS queue number. The valid range is 0 - 7, leave blank to disable this field.

    Remark CoS

    The CoS marking value. The valid range is 0 - 7, leave blank to disable this field.

    CPU COS queue number(17 - 25). Only if packets reach to CPU

    The CPU CoS queue number. This CoS queue is only used if the packets reach the CPU. The valid range is 17 - 25.

    Remark DSCP

    The DSCP marking value. The valid range is 0 - 63, leave blank to disable this field.

    Redirect Interface

    The redirect interface to use.

    Redirect Physical Port

    The physical ports to include in the egress mask or to redirect packets to.

    Egress Mask Interface

    The physical ports that are included in the egress mask.

    Policer ID

    The policer ID to use.

    To configure the Policer, update the following parameters. You can add, modify, or delete an existing policer.

    Parameter

    Description
    ID A unique number to identify this policer. The valid range is 1-2048.
    Type Whether the policer is for the egress policy or the ingress policy.

    Guaranteed Bandwidth

    The amount of bandwidth guaranteed (in Kb/second) to be available for traffic controlled by the policy. The valid range is 1-524287000 Kb.

    Guaranteed Burst

    The guaranteed burst size in bytes. The valid range is 1-4294967295 bytes.

    Maximum Burst

    The maximum burst size in bytes. The valid range is 1-4294967295 bytes.

    Description

    A description of the policer.

    To configure the Custom Service, update the following parameters. You can add, modify, or delete an existing policer.

    Parameter

    Description
    Name The name of the ACL custom service.
    Comment A description of the custom service.
    Color The icon color for the service in the Service page.
    Protocol

    The protocol to use with the custom service, TCP, ICMP, IP, UDP, or SCTP.

    • Port Range - [TCP, UDP, or SCTP] The destination ports and source ports. You can enter a single port or a range of ports in each field.
    • Protocol Number - [IP] The protocol number.
    • ICMP Type/ICMP Code - [ICMP] The ICMP type and code.The valid range is 0 - 254.
    • Previous
    Next

    ACL

    ACL

    Configure the following ACL Settings.

  • Parameter

    Description

    Density Mode

    		 Enable the ACL density mode.
    Trunk Load Balance Enable trunk load balancing.

    To configure Ingress (for incoming traffic), Egress (for outgoing traffic), and Preelookup (for processing traffic) policies, update the following parameters.

    Parameter

    Description
    ID A unique identifier for this profile. The valid range is 1 - 2048.
    Active Enable to activate the profile.
    Group ID A unique group identifier. The valid range is 1 - 2048.
    Ingress Interface All Enable to apply the profile to all interfaces.
    Ingress Interface The specific interfaces to apply the profile to.
    Schedule The schedule for when the ACL profile is enforced.

    Description

    The description for the profile.

    Classifier - Identification of packets that the policy is applied to, each packet is classified based on one or more criteria as per these configurations.

    VLAN ID to be matched

    The VLAN identifier to match.

    Cost of Service

    The cost of service (CoS) value to match. The valid range is 0 - 7, leave blank to disable this field.

    802.1Q CoS value to be matched

    The 802.1Q CoS value to match. The valid range is 0 - 7, leave blank to disable this field.

    Ethernet type to be matched

    The Ethernet type to match. The valid range is 1-65535.

    ACL Custom Service to be matched

    The pre-configured custom service type to match.

    Source MAC

    The source MAC address to match.

    Destination MAC

    The destination MAC address to match.

    Source IP Prefix

    The source IP address to match (IPv4 only).

    Destination IP Prefix

    The destination IP address to match IPv4 only).

    Action - If a packet matches the classifier criteria for a given ACL, different actions are applied to a packet based on these configurations.

    Count

    Enable to track the number of matching packets.

    Drop

    Enable to drop matching packets.

    Mirror Session Name

    The name of the mirror to use collect packets to analyze.

    Redirect Bcast Cpu

    Enable to redirect broadcast traffic to all ports including the CPU.

    Redirect Bcast No Cpu

    Enable to redirect broadcast traffic to all ports excluding the CPU.

    Outer VLAN Tag

    The outer VLAN tag.

    CoS Queue

    The CoS queue number. The valid range is 0 - 7, leave blank to disable this field.

    Remark CoS

    The CoS marking value. The valid range is 0 - 7, leave blank to disable this field.

    CPU COS queue number(17 - 25). Only if packets reach to CPU

    The CPU CoS queue number. This CoS queue is only used if the packets reach the CPU. The valid range is 17 - 25.

    Remark DSCP

    The DSCP marking value. The valid range is 0 - 63, leave blank to disable this field.

    Redirect Interface

    The redirect interface to use.

    Redirect Physical Port

    The physical ports to include in the egress mask or to redirect packets to.

    Egress Mask Interface

    The physical ports that are included in the egress mask.

    Policer ID

    The policer ID to use.

    To configure the Policer, update the following parameters. You can add, modify, or delete an existing policer.

    Parameter

    Description
    ID A unique number to identify this policer. The valid range is 1-2048.
    Type Whether the policer is for the egress policy or the ingress policy.

    Guaranteed Bandwidth

    The amount of bandwidth guaranteed (in Kb/second) to be available for traffic controlled by the policy. The valid range is 1-524287000 Kb.

    Guaranteed Burst

    The guaranteed burst size in bytes. The valid range is 1-4294967295 bytes.

    Maximum Burst

    The maximum burst size in bytes. The valid range is 1-4294967295 bytes.

    Description

    A description of the policer.

    To configure the Custom Service, update the following parameters. You can add, modify, or delete an existing policer.

    Parameter

    Description
    Name The name of the ACL custom service.
    Comment A description of the custom service.
    Color The icon color for the service in the Service page.
    Protocol

    The protocol to use with the custom service, TCP, ICMP, IP, UDP, or SCTP.

    • Port Range - [TCP, UDP, or SCTP] The destination ports and source ports. You can enter a single port or a range of ports in each field.
    • Protocol Number - [IP] The protocol number.
    • ICMP Type/ICMP Code - [ICMP] The ICMP type and code.The valid range is 0 - 254.
    • Previous
    Next