Fortinet white logo
Fortinet white logo

CLI Reference

firewall interface-policy

Configure IPv4 interface policies.

  config firewall interface-policy
      Description: Configure IPv4 interface policies.
      edit <policyid>
          set status [enable|disable]
          set comments {var-string}
          set logtraffic [all|utm|...]
          set interface {string}
          set srcaddr <name1>, <name2>, ...
          set dstaddr <name1>, <name2>, ...
          set service <name1>, <name2>, ...
          set application-list-status [enable|disable]
          set application-list {string}
          set ips-sensor-status [enable|disable]
          set ips-sensor {string}
          set dsri [enable|disable]
          set av-profile-status [enable|disable]
          set av-profile {string}
          set webfilter-profile-status [enable|disable]
          set webfilter-profile {string}
          set emailfilter-profile-status [enable|disable]
          set emailfilter-profile {string}
          set dlp-sensor-status [enable|disable]
          set dlp-sensor {string}
      next
  end

config firewall interface-policy

Parameter Name Description Type Size
status Enable/disable this policy.
enable: Enable this policy.
disable: Disable this policy.
option -
comments Comments. var-string Maximum length: 1023
logtraffic Logging type to be used in this policy (Options: all utm disable, Default: utm).
all: Log all sessions accepted or denied by this policy.
utm: Log traffic that has a security profile applied to it.
disable: Disable all logging for this policy.
option -
interface Monitored interface name from available interfaces. string Maximum length: 35
srcaddr <name> Address object to limit traffic monitoring to network traffic sent from the specified address or range.
Address name.
string Maximum length: 79
dstaddr <name> Address object to limit traffic monitoring to network traffic sent to the specified address or range.
Address name.
string Maximum length: 79
service <name> Service object from available options.
Service name.
string Maximum length: 79
application-list-status Enable/disable application control.
enable: Enable application control
disable: Disable application control
option -
application-list Application list name. string Maximum length: 35
ips-sensor-status Enable/disable IPS.
enable: Enable IPS.
disable: Disable IPS.
option -
ips-sensor IPS sensor name. string Maximum length: 35
dsri Enable/disable DSRI.
enable: Enable DSRI.
disable: Disable DSRI.
option -
av-profile-status Enable/disable antivirus.
enable: Enable antivirus
disable: Disable antivirus
option -
av-profile Antivirus profile. string Maximum length: 35
webfilter-profile-status Enable/disable web filtering.
enable: Enable web filtering.
disable: Disable web filtering.
option -
webfilter-profile Web filter profile. string Maximum length: 35
emailfilter-profile-status Enable/disable email filter.
enable: Enable Email filter.
disable: Disable Email filter.
option -
emailfilter-profile Email filter profile. string Maximum length: 35
dlp-sensor-status Enable/disable DLP.
enable: Enable setting.
disable: Disable setting.
option -
dlp-sensor DLP sensor name. string Maximum length: 35

firewall interface-policy

Configure IPv4 interface policies.

  config firewall interface-policy
      Description: Configure IPv4 interface policies.
      edit <policyid>
          set status [enable|disable]
          set comments {var-string}
          set logtraffic [all|utm|...]
          set interface {string}
          set srcaddr <name1>, <name2>, ...
          set dstaddr <name1>, <name2>, ...
          set service <name1>, <name2>, ...
          set application-list-status [enable|disable]
          set application-list {string}
          set ips-sensor-status [enable|disable]
          set ips-sensor {string}
          set dsri [enable|disable]
          set av-profile-status [enable|disable]
          set av-profile {string}
          set webfilter-profile-status [enable|disable]
          set webfilter-profile {string}
          set emailfilter-profile-status [enable|disable]
          set emailfilter-profile {string}
          set dlp-sensor-status [enable|disable]
          set dlp-sensor {string}
      next
  end

config firewall interface-policy

Parameter Name Description Type Size
status Enable/disable this policy.
enable: Enable this policy.
disable: Disable this policy.
option -
comments Comments. var-string Maximum length: 1023
logtraffic Logging type to be used in this policy (Options: all utm disable, Default: utm).
all: Log all sessions accepted or denied by this policy.
utm: Log traffic that has a security profile applied to it.
disable: Disable all logging for this policy.
option -
interface Monitored interface name from available interfaces. string Maximum length: 35
srcaddr <name> Address object to limit traffic monitoring to network traffic sent from the specified address or range.
Address name.
string Maximum length: 79
dstaddr <name> Address object to limit traffic monitoring to network traffic sent to the specified address or range.
Address name.
string Maximum length: 79
service <name> Service object from available options.
Service name.
string Maximum length: 79
application-list-status Enable/disable application control.
enable: Enable application control
disable: Disable application control
option -
application-list Application list name. string Maximum length: 35
ips-sensor-status Enable/disable IPS.
enable: Enable IPS.
disable: Disable IPS.
option -
ips-sensor IPS sensor name. string Maximum length: 35
dsri Enable/disable DSRI.
enable: Enable DSRI.
disable: Disable DSRI.
option -
av-profile-status Enable/disable antivirus.
enable: Enable antivirus
disable: Disable antivirus
option -
av-profile Antivirus profile. string Maximum length: 35
webfilter-profile-status Enable/disable web filtering.
enable: Enable web filtering.
disable: Disable web filtering.
option -
webfilter-profile Web filter profile. string Maximum length: 35
emailfilter-profile-status Enable/disable email filter.
enable: Enable Email filter.
disable: Disable Email filter.
option -
emailfilter-profile Email filter profile. string Maximum length: 35
dlp-sensor-status Enable/disable DLP.
enable: Enable setting.
disable: Disable setting.
option -
dlp-sensor DLP sensor name. string Maximum length: 35