Updating firewall policies

Let’s not forget to add a firewall rule for this traffic! The tunnel interface name is different on each Hub (since it includes the ID of the remote Hub).

We will use per-device mapping when defining our normalized interfaces in FMG:

| Normalized Interface | Per-Device Mapping |
|---|---|
| OL_INET_DC2DC | DC1_FGT: OL_INET_12; DC2_FGT: OL_INET_11 |
| OL_MPLS_DC2DC | DC1_FGT: OL_MPLS_22; DC2_FGT: OL_MPLS_21 |

To update firewall policies for hubs:
  1. Go to Policy & Objects > Policy Packages.
  2. In the tree menu, select the policy package for hubs, for example, DataCenter-PP. The firewall policies in the policy package are displayed.
  3. Add policies to the firewall policy:
    1. In the toolbar, click Create New. The Create New Firewall Policy pane is displayed.
    2. Create the following policy, and click OK.

      | Name | From | To | Src | Dst | Service | NAT | Action |
      |---|---|---|---|---|---|---|---|
      | DC to DC | vl_lan, OL_INET_DC2DC, OL_MPLS_DC2DC | vl_lan, OL_INET_DC2DC, OL_MPLS_DC2DC | all | all | ALL | No | Accept |

  4. Install the DataCenter-PP policy package to hub devices.
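
The sketch below is an added example, not FortiManager code or output: it models the per-device mapping above with plain dictionaries and renders the "DC to DC" policy as FortiOS CLI for each hub, so the interface names each device ends up with can be compared. The function names are hypothetical, only the fields from the policy table are rendered, and `vl_lan` is assumed to have the same name on every hub.

```python
# Added example: FortiManager per-device mapping modelled with plain dicts.
# Interface and policy values are from the tables on this page; the function
# names are hypothetical.
PER_DEVICE_MAPPING = {
    "OL_INET_DC2DC": {"DC1_FGT": "OL_INET_12", "DC2_FGT": "OL_INET_11"},
    "OL_MPLS_DC2DC": {"DC1_FGT": "OL_MPLS_22", "DC2_FGT": "OL_MPLS_21"},
}
INTERFACES = ["vl_lan", "OL_INET_DC2DC", "OL_MPLS_DC2DC"]
POLICY = {"name": "DC to DC", "srcintf": INTERFACES, "dstintf": INTERFACES,
          "srcaddr": ["all"], "dstaddr": ["all"], "service": ["ALL"],
          "nat": "disable", "action": "accept"}


def resolve(interface, device):
    """Return the device-level name behind a normalized interface."""
    mapping = PER_DEVICE_MAPPING.get(interface)
    if mapping is None:
        # Assumption: names without a per-device mapping (vl_lan) are the
        # same on every hub.
        return interface
    if device not in mapping:
        # A hub missing from the mapping cannot receive this policy.
        raise KeyError(f"{interface} has no per-device mapping for {device}")
    return mapping[device]


def render_policy(policy, device):
    """Render the policy as FortiOS CLI with interfaces resolved for one hub."""
    def quoted(names):
        return " ".join(f'"{n}"' for n in names)
    src = [resolve(i, device) for i in policy["srcintf"]]
    dst = [resolve(i, device) for i in policy["dstintf"]]
    body = [
        f'set name "{policy["name"]}"',
        f"set srcintf {quoted(src)}",
        f"set dstintf {quoted(dst)}",
        f"set srcaddr {quoted(policy['srcaddr'])}",
        f"set dstaddr {quoted(policy['dstaddr'])}",
        f"set service {quoted(policy['service'])}",
        f"set nat {policy['nat']}",
        f"set action {policy['action']}",
    ]
    return "\n".join(["config firewall policy", "    edit 0"]
                     + ["        " + line for line in body]
                     + ["    next", "end"])


if __name__ == "__main__":
    for hub in ("DC1_FGT", "DC2_FGT"):
        print(f"# {hub}\n{render_policy(POLICY, hub)}\n")
```

Comparing the two rendered blocks shows the same policy package producing different `srcintf` and `dstintf` values on each hub, and a device absent from the mapping is reported as an error rather than silently skipped.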
