Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 7.4.1 Administration Guide
    7.4.1
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Create a new interface policy

    Create a new interface policy

    The section describes how to create new IPv4 and IPv6 interface policies.

    See Interface policies in the FortiOS Administration Guide for more information.

    Note

    You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.
    To create a new Interface policy:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. Go to Policy & Objects > Policy Packages.
    3. In the tree menu for the policy package, click IPv4 Interface Policy or IPv6 Interface Policy.
    4. Click Create New.
    5. Enter the following information:

      Option

      Description

      Source > Interface

      Select the source interface.

      Source > Address

      		Select source addresses, address groups, virtual IPs, and virtual IP groups.

      Destination > Address

      Select destination addresses, address groups, virtual IPs, and virtual IP groups.

      Service

      Select services and service groups.

      Log Traffic

      Select the traffic to log: No Log, Log Security Events, or Log All Sessions.

      AntiVirus Profile

      Enable or disable, and then select, the antivirus profile.

      Web Filter Profile

      Enable or disable, and then select, the web filter profile.

      Application Control

      Enable or disable, and then select, the application control profile.

      IPS Profile

      Enable or disable, and then select the IPS profile.

      Email Filter Profile

      Enable or disable, and then select, the email filter profile.

      Advanced Options

      Configure advanced options, see Advanced options below.

      For more information on advanced option, see the FortiOS CLI Reference.

      Change Note

      Add a description of the changes being made to the policy. This field is required.

    6. Click OK to create the policy. You can select to enable or disable the policy in the right-click menu. When disabled, a disabled icon will be displayed in the Seq.# column to the left of the number. By default, policies will be added to the bottom of the list, but above the implicit policy.
    Advanced options

    Option

    Description

    Default

    address-type

    Select

    none

    comments

    Add a description of the policy, such as its purpose, or the changes that have been made to it.

    none

    dlp-profile

    Select an existing data leak prevention (DLP) profile.

    none

    dlp-profile-status

    Enable or disable DLP.

    disable

    dsri

    Enable or disable DSRI.

    disable
    Previous
    Next

    Create a new interface policy

    Create a new interface policy

    The section describes how to create new IPv4 and IPv6 interface policies.

    See Interface policies in the FortiOS Administration Guide for more information.

    Note

    You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.
    To create a new Interface policy:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. Go to Policy & Objects > Policy Packages.
    3. In the tree menu for the policy package, click IPv4 Interface Policy or IPv6 Interface Policy.
    4. Click Create New.
    5. Enter the following information:

      Option

      Description

      Source > Interface

      Select the source interface.

      Source > Address

      		Select source addresses, address groups, virtual IPs, and virtual IP groups.

      Destination > Address

      Select destination addresses, address groups, virtual IPs, and virtual IP groups.

      Service

      Select services and service groups.

      Log Traffic

      Select the traffic to log: No Log, Log Security Events, or Log All Sessions.

      AntiVirus Profile

      Enable or disable, and then select, the antivirus profile.

      Web Filter Profile

      Enable or disable, and then select, the web filter profile.

      Application Control

      Enable or disable, and then select, the application control profile.

      IPS Profile

      Enable or disable, and then select the IPS profile.

      Email Filter Profile

      Enable or disable, and then select, the email filter profile.

      Advanced Options

      Configure advanced options, see Advanced options below.

      For more information on advanced option, see the FortiOS CLI Reference.

      Change Note

      Add a description of the changes being made to the policy. This field is required.

    6. Click OK to create the policy. You can select to enable or disable the policy in the right-click menu. When disabled, a disabled icon will be displayed in the Seq.# column to the left of the number. By default, policies will be added to the bottom of the list, but above the implicit policy.
    Advanced options

    Option

    Description

    Default

    address-type

    Select

    none

    comments

    Add a description of the policy, such as its purpose, or the changes that have been made to it.

    none

    dlp-profile

    Select an existing data leak prevention (DLP) profile.

    none

    dlp-profile-status

    Enable or disable DLP.

    disable

    dsri

    Enable or disable DSRI.

    disable
    Previous
    Next