This section describes how to create new IPv4 and IPv6 local-in policies to control inbound traffic destined for a FortiGate interface.
See Local-in policy in the FortiOS Administration Guide for more information.
On the Policy & Objects pane, from the Tools menu, select Display Options, and then select the IPv4 Local In Policy and IPv6 Local In Policy checkboxes to display these options.
- If using ADOMs, ensure that you are in the correct ADOM.
- Go to Policy & Objects > Policy Packages.
- In the tree menu for the policy package in which you will be creating the new policy, select IPv4 Local In Policy or IPv6 Local In Policy.
- Click Create New.
- Enter the following information:
Select the interface.
Select source addresses, address groups, virtual IPs, and virtual IP groups.
Select destination addresses, address groups, virtual IPs, and virtual IP groups.
Select services and service groups.
Select a one-time schedule, recurring schedule, or schedule group.
Select an action for the policy to take: DENY or ACCEPT.
HA Management Interface Only: Enable to dedicate the interface as an HA management interface. This option is only available for IPv4 policies.
Add a description of the changes being made to the policy. This field is required.
- Click OK to create the policy. You can enable or disable the policy from the right-click menu. When the policy is disabled, a disabled icon is displayed in the Seq.# column to the left of the number. By default, policies are added to the bottom of the list, but above the implicit policy.
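
For reference, the fields in the form above correspond to the following FortiOS CLI settings on the managed FortiGate, shown here restricting administrative access on one interface to a management subnet. This is an added example, not part of the original guide; the interface name port1, the address object MGMT_NET and its 192.0.2.0/24 subnet are assumed placeholders.

```fortios
# Address object for the trusted management subnet (placeholder values).
config firewall address
    edit "MGMT_NET"
        set subnet 192.0.2.0 255.255.255.0
    next
end

# Policy 1 accepts HTTPS and SSH to port1 from MGMT_NET.
# Policy 2 sits below it and denies the same services from any other source.
config firewall local-in-policy
    edit 1
        set intf "port1"
        set srcaddr "MGMT_NET"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action accept
        set status enable
    next
    edit 2
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action deny
        set status enable
    next
end
```

IPv6 policies use `config firewall local-in-policy6` with the same structure. The HA Management Interface Only option corresponds to `set ha-mgmt-intf-only enable`.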