Modify existing interface-zone mapping
Interfaces mapped to a zone locally on FortiGate devices are not visible in Device Manager on FortiManager. It is recommended to create objects in FortiManager instead of creating it on FortiGate devices locally. If an interface is already mapped to a zone in FortiGate, it must be unmapped first. A zone must be created in FortiManager, added to a policy and installed to FortiGate. For convenience and ease of use, it is better to manage Object Configuration and Interface Mapping from FortiManager.
If an Interface is mapped to a Zone in FortiGate:
- Log on to the FortiGate device.
- Delete the Interface/Zone mapping from Interfaces > [Interface_Name] > Delete.
- Log on to FortiManager.
- Go to Policy & Objects > Object Configurations.
- Click Create New > Zone. Configure the settings and create a zone named Zone_One. Enable Per-Device Mapping and select the Mapped Device and Device Interface.
- Go to Policy & Objects > Policy Packages. Select Create New from the Policy Package drop-down.
- In the Create New Policy Package dialog, specify the name as New_Policy_Package.
- Click the New_Policy_Package and click Create New. Specify the name as New_IPv4_Policy and include Zone_One in the policy.
- Click New_IPv4_Policy and click Installation Target. Assign the FortiGate device to this policy.
- Right-click New Policy Package and select Install Wizard. Select Install Policy Package & Device Settings and select the New Policy Package from the drop-down. Complete the installation as per the Install Wizard.
Zone_One is now available on the FortiGate device and mapped as specified in step 5.
A zone is installed to a FortiGate device only if it is created, mapped to an interface, included in the Policy Package, assigned to a device, and installed using the Install Wizard.
An interface cannot be reused if it is already mapped to a zone. To reuse an interface, first unmap it from the zone in Object Configurations, and then reinstall to the FortiGate device.
After a Virtual IP is created, it must be mapped to interfaces. If per-device mapping is used, the mapping will be visible immediately in Device Manager > [ Device_Name] > Interface.