
Normalized interface to map as zone only 6.4.7

Starting in FortiManager 6.4.7, map as zone only mode is available for normalized interfaces.

To configure and use a normalized interface as zone only:
  1. Enable mapping as zone only through the CLI with the following commands:

    config system global
        set normalized-intf-zone-only enable
    end

  2. On FortiManager, go to Policy & Objects > Object Configuration > Normalized Interface, edit or create a new normalized interface, and select Map as zone only. Save the normalized interface.
  3. Go to Device Manager > Device & Groups, and create a new device zone.
    1. For the zone name, you can either select a zone-only normalized interface name or input a name.
    2. Dynamic mapping is available in the table to filter by device zone. The selectable options show only the ADOM normalized interfaces that are configured as zone only.
    3. Once a zone is selected in the Normalized Interface field, the GUI automatically fills the zone name input box if it is empty.
    4. After saving, the device zone is created.
  4. Create a policy using the zone-only normalized interface.
  5. Install and review the changes in the Install Preview.

    config system zone
        edit "zoneOnly1"
            set interface "port9" "port10"
        next
    end
    config firewall policy
        edit 3
            set uuid 34808cec-020f-51ec-64a0-f0c7e494e816
            set srcintf "zoneOnly1"
            set dstintf "any"
            set srcaddr "all"
            set dstaddr "all"
            set schedule "always"
            set service "ALL"
            set logtraffic all
        next
    end

  6. After installation, FortiGate gets the configuration correctly.
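
The Install Preview review in step 5 can be scripted before the install is pushed. This is an added example, not Fortinet code: it resolves each policy's `srcintf`/`dstintf` to the zone members defined in the same preview and flags match-everything fields. `parse_preview` and `review` are hypothetical helper names, the sample text is constructed (abbreviated from the preview above), and the parser assumes flat `config`/`edit`/`set` blocks only.

```python
import shlex

# Constructed sample: abbreviated from the Install Preview shown on this page.
PREVIEW = '''
config system zone
    edit "zoneOnly1"
        set interface "port9" "port10"
    next
end
config firewall policy
    edit 3
        set srcintf "zoneOnly1"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
    next
end
'''

def parse_preview(text):
    """Parse flat config/edit/set blocks into {table: {entry: {option: [values]}}}."""
    tables, table, entry = {}, None, None
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]  # shlex strips the double quotes around names
        if tok[0] == "config":
            table = tables.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit" and table is not None:
            entry = table.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return tables

def review(text):
    """Resolve policy interfaces to zone members and flag match-everything fields."""
    cfg = parse_preview(text)
    zones = {n: z.get("interface", []) for n, z in cfg.get("system zone", {}).items()}
    out = []
    for pid, pol in cfg.get("firewall policy", {}).items():
        for side in ("srcintf", "dstintf"):
            for name in pol.get(side, []):
                note = "zone:" + ",".join(zones[name]) if name in zones else (
                    "broad" if name == "any" else "not-a-zone-in-preview")
                out.append((pid, side, name, note))
        for field, wide in (("srcaddr", "all"), ("dstaddr", "all"), ("service", "ALL")):
            if wide in pol.get(field, []):
                out.append((pid, field, wide, "broad"))
    return out
```

A `not-a-zone-in-preview` result means the name is either a physical interface or a zone that this install does not define, so it is worth confirming on the device before installing.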
