Fortinet white logo
Fortinet white logo

CLI Reference

system firewall fwmark-policy

system firewall fwmark-policy

Use this command to mark the traffic coming in FortiWeb. Using it together with policy route, you can direct the marked traffic to go out of FortiWeb through a specified interface or/and to a specified next-hop gateway.

Syntax

config system firewall fwmark-policy

edit "<fwmark-policy-name>"

set from <firewall_source-address_name>

set to <firewall_destination-address_name>

set in-interface <incoming_interface_name>

set service <firewall-service_name>"

set mark <mark_int>

end

Variable Description Default

"<fwmark-policy-name>"

The name of the fwmark policy.

No default.

from <firewall_source-address_name>

Enter the name of the firewall address configuration that specifies the source IP address or addresses to which this policy applies.

For details about creating firewall address configurations, see system firewall address.

No default.

to <firewall_destination-address_name>

Enter the name of the firewall address configuration that specifies the source IP address or addresses to which this policy rule applies.

For details about creating firewall address configurations, see system firewall address.

No default.

in-interface <incoming_interface_name>

Enter the name of the interface (for example, port1) on which FortiWeb receives packets it applies this firewall policy rule to.

No default.

service <firewall-service_name>"

Enter the name of the firewall service configuration that specifies the protocols and ports to which this policy rule applies.

For details about creating firewall address configurations, see system firewall address.

No default.

mark <mark_int>

Enter a value to mark the traffic that matches with the conditions above. The valid range is 1-255.

No default.

Example

config system firewall fwmark-policy

edit "1"

set from 1

set to 2

set in-interface port2

set service ALL_TCP

set mark 234

next

end

system firewall fwmark-policy

system firewall fwmark-policy

Use this command to mark the traffic coming in FortiWeb. Using it together with policy route, you can direct the marked traffic to go out of FortiWeb through a specified interface or/and to a specified next-hop gateway.

Syntax

config system firewall fwmark-policy

edit "<fwmark-policy-name>"

set from <firewall_source-address_name>

set to <firewall_destination-address_name>

set in-interface <incoming_interface_name>

set service <firewall-service_name>"

set mark <mark_int>

end

Variable Description Default

"<fwmark-policy-name>"

The name of the fwmark policy.

No default.

from <firewall_source-address_name>

Enter the name of the firewall address configuration that specifies the source IP address or addresses to which this policy applies.

For details about creating firewall address configurations, see system firewall address.

No default.

to <firewall_destination-address_name>

Enter the name of the firewall address configuration that specifies the source IP address or addresses to which this policy rule applies.

For details about creating firewall address configurations, see system firewall address.

No default.

in-interface <incoming_interface_name>

Enter the name of the interface (for example, port1) on which FortiWeb receives packets it applies this firewall policy rule to.

No default.

service <firewall-service_name>"

Enter the name of the firewall service configuration that specifies the protocols and ports to which this policy rule applies.

For details about creating firewall address configurations, see system firewall address.

No default.

mark <mark_int>

Enter a value to mark the traffic that matches with the conditions above. The valid range is 1-255.

No default.

Example

config system firewall fwmark-policy

edit "1"

set from 1

set to 2

set in-interface port2

set service ALL_TCP

set mark 234

next

end