Create a new local-in policy
This section describes how to create new IPv4 and IPv6 local-in policies to control inbound traffic destined for a FortiGate interface.
See Local-in policy in the FortiOS Administration Guide for more information.
You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.
To create a new Local-In policy:
- If using ADOMs, ensure that you are in the correct ADOM.
- Go to Policy & Objects > Policy Packages.
- In the tree menu for the policy package in which you will be creating the new policy, select IPv4 Local In Policy or IPv6 Local In Policy.
- Click Create New.
- Enter the following information:

| Option | Description |
| --- | --- |
| Interface | Select the interface. |
| Source Address | Select source addresses, address groups, virtual IPs, and virtual IP groups. |
| Destination Address | Select destination addresses, address groups, virtual IPs, and virtual IP groups. |
| Service | Select services and service groups. |
| Schedule | Select a one-time schedule, recurring schedule, or schedule group. |
| Action | Select an action for the policy to take: DENY or ACCEPT. |
| HA Management Interface Only | Enable to dedicate the interface as an HA management interface. This option is only available for IPv4 policies. |
| Change Note | Add a description of the changes being made to the policy. This field is required. |

- Click OK to create the policy.

You can enable or disable the policy from the right-click menu. When disabled, a disabled icon is displayed in the Seq.# column to the left of the number. By default, policies are added to the bottom of the list, but above the implicit policy.