Fortinet black logo

Administration Guide

Interface policies

Interface policies

The IPv4 Interface Policy and IPv6 Interface Policy panes allow you to create, edit, delete, and clone interface policies.

On the Policy & Objects pane, from the Tools menu, select Display Options, and then select the IPv4 Interface Policy and IPv6 Interface Policy check boxes to display these options.

To create a new interface policy:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu for the policy package, click IPv4 Interface Policy or IPv6 Interface Policy.
  4. Click Create New, or, from the Create New menu, select Insert Above or Insert Below. By default, policies will be added to the bottom of the list. The Create New Policy pane opens.
  5. Configure the following settings, then click OK to create the policy:

    Source

    Interface

    Select the source zone from the Object Selector frame, or drag and drop the address from the object pane.

    Address

    Select the source address.

    Destination

    Address

    Select the destination address.

    Service

    Select the service.

    Log Traffic

    Select the traffic to log: No Log, Log Security Events, or Log All Sessions.

    AntiVirus Profile

    Select to enable antivirus and select the profile from the dropdown list.

    Web Filter Profile

    Select to enable Web Filter and select the profile from the dropdown list.

    Application Control

    Select to enable Application Control and select the profile from the dropdown list.

    IPS Profile

    Select to enable IPS and select the profile from the dropdown list.

    Email Filter Profile

    Select to enable Email Filter and select the profile from the dropdown list.

    DLP Sensor

    Select to enable DLP Sensor and select the profile from the dropdown list.

    Advanced Options

    comments

    Add comments about the policy.

    dsri

    Enable or disable DSRI (default = disable).

    scan-botnet-connections

    Enable or disable scanning of connections to Botnet servers (default = disable).

Interface policies

The IPv4 Interface Policy and IPv6 Interface Policy panes allow you to create, edit, delete, and clone interface policies.

On the Policy & Objects pane, from the Tools menu, select Display Options, and then select the IPv4 Interface Policy and IPv6 Interface Policy check boxes to display these options.

To create a new interface policy:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu for the policy package, click IPv4 Interface Policy or IPv6 Interface Policy.
  4. Click Create New, or, from the Create New menu, select Insert Above or Insert Below. By default, policies will be added to the bottom of the list. The Create New Policy pane opens.
  5. Configure the following settings, then click OK to create the policy:

    Source

    Interface

    Select the source zone from the Object Selector frame, or drag and drop the address from the object pane.

    Address

    Select the source address.

    Destination

    Address

    Select the destination address.

    Service

    Select the service.

    Log Traffic

    Select the traffic to log: No Log, Log Security Events, or Log All Sessions.

    AntiVirus Profile

    Select to enable antivirus and select the profile from the dropdown list.

    Web Filter Profile

    Select to enable Web Filter and select the profile from the dropdown list.

    Application Control

    Select to enable Application Control and select the profile from the dropdown list.

    IPS Profile

    Select to enable IPS and select the profile from the dropdown list.

    Email Filter Profile

    Select to enable Email Filter and select the profile from the dropdown list.

    DLP Sensor

    Select to enable DLP Sensor and select the profile from the dropdown list.

    Advanced Options

    comments

    Add comments about the policy.

    dsri

    Enable or disable DSRI (default = disable).

    scan-botnet-connections

    Enable or disable scanning of connections to Botnet servers (default = disable).