Create a new interface policy
The section describes how to create new IPv4 and IPv6 interface policies.
See Interface policies in the FortiOS Administration Guide for more information.
On the Policy & Objects pane, from the Tools menu, select Display Options, and then select the IPv4 Interface Policy and IPv6 Interface Policy check boxes to display these options. |
To create a new Interface policy:
- If using ADOMs, ensure that you are in the correct ADOM.
- Go to Policy & Objects > Policy Packages.
- In the tree menu for the policy package, click IPv4 Interface Policy or IPv6 Interface Policy.
- Click Create New.
- Enter the following information:
Option
Description
Source > Interface
Select the source interface.
Source > Address
Select source addresses, address groups, virtual IPs, and virtual IP groups. Destination > Address
Select destination addresses, address groups, virtual IPs, and virtual IP groups.
Service
Select services and service groups.
Log Traffic
Select the traffic to log: No Log, Log Security Events, or Log All Sessions.
AntiVirus Profile
Enable or disable, and then select, the antivirus profile.
Web Filter Profile
Enable or disable, and then select, the web filter profile.
Application Control
Enable or disable, and then select, the application control profile.
IPS Profile
Enable or disable, and then select the IPS profile.
Email Filter Profile
Enable or disable, and then select, the email filter profile.
Advanced Options
Configure advanced options, see Advanced options below.
For more information on advanced options, see the FortiOS CLI Reference.
Change Note
Add a description of the changes being made to the policy. This field is required.
- Click OK to create the policy. You can select to enable or disable the policy in the right-click menu. When disabled, a disabled icon will be displayed in the Seq.# column to the left of the number. By default, policies will be added to the bottom of the list, but above the implicit policy.
Advanced options
Option |
Description |
Default |
---|---|---|
address-type |
Select |
none |
comments |
Add a description of the policy, such as its purpose, or the changes that have been made to it. |
none |
dlp-profile |
Select an existing data leak prevention (DLP) profile. |
none |
dlp-profile-status |
Enable or disable DLP. |
disable |
dsri |
Enable or disable DSRI. |
disable |