Fortinet black logo

Online Help

7.0.0
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.2.2
6.2.1
6.2.0
6.0.3
6.0.2
6.0.1
6.0.0

Interface pair view split for policies

Interface pair view split for policies

There are 2 modes to show policies in FortiOS: "Interface Pair View" and "By Sequence".

"Interface Pair View" categorizes policies by their source and destination interfaces, so it is more straight forward to manage.

However, "Interface Pair View" can only be used when all the policies contain only one interface in both source and destination interface fields. If there are multiple interfaces in a converted policy, "Interface Pair View Split" can split the policy into equivalent policies with single interface.

Please follow the steps below to split the policies:
  1. Go to the tuning page of policies.
  2. Click Interface Pair View Check to list all the policies which have multiple source or destination interfaces. (Optional)
  3. Select the policies you want to split and right click.
  4. Click Interface Pair View Split.

  5. Select Options:
    1. Discard hairpin policies

      2. Hairpin policies refer to policies from and to the same interface.

      For example, a policy from port1 to port1 and port2 can be split into 2 policies: one is from port1 to port1 and the other is from port1 to port2. If this option is enabled, the first policy would be discarded.

      This option is enable by default.

    2. Split interface "any" into multiple policies.

      3. If the source or destination interface of a policy is "any", you can choose to either split "any" into a list of interfaces, or not split the policy. If you want to split "any" into a list of interfaces, please select the interface names that represent to "any".

      For example, if port1 and port2 are selected, a policy from port1 to any can be split into 2 policies: one is from port1 to port1 and the other is from port1 to port2. If this option is disabled, the policy would not be split.

      This option is disable by default. Please note that there may be a lot of policies generated if many interfaces are selected.

  6. The selected policies will be split.

Previous
Next

Interface pair view split for policies

There are 2 modes to show policies in FortiOS: "Interface Pair View" and "By Sequence".

"Interface Pair View" categorizes policies by their source and destination interfaces, so it is more straight forward to manage.

However, "Interface Pair View" can only be used when all the policies contain only one interface in both source and destination interface fields. If there are multiple interfaces in a converted policy, "Interface Pair View Split" can split the policy into equivalent policies with single interface.

Please follow the steps below to split the policies:
  1. Go to the tuning page of policies.
  2. Click Interface Pair View Check to list all the policies which have multiple source or destination interfaces. (Optional)
  3. Select the policies you want to split and right click.
  4. Click Interface Pair View Split.

  5. Select Options:
    1. Discard hairpin policies

      2. Hairpin policies refer to policies from and to the same interface.

      For example, a policy from port1 to port1 and port2 can be split into 2 policies: one is from port1 to port1 and the other is from port1 to port2. If this option is enabled, the first policy would be discarded.

      This option is enable by default.

    2. Split interface "any" into multiple policies.

      3. If the source or destination interface of a policy is "any", you can choose to either split "any" into a list of interfaces, or not split the policy. If you want to split "any" into a list of interfaces, please select the interface names that represent to "any".

      For example, if port1 and port2 are selected, a policy from port1 to any can be split into 2 policies: one is from port1 to port1 and the other is from port1 to port2. If this option is disabled, the policy would not be split.

      This option is disable by default. Please note that there may be a lot of policies generated if many interfaces are selected.

  6. The selected policies will be split.

Previous
Next