Creating normalized interfaces

7.2.0

Because the policy package uses interface objects instead of referring directly to device interfaces, we must link the interface objects to the actual interfaces on any or all devices. We do this by creating normalized interfaces with per-platform mappings.

To create normalized interfaces:
  1. In FortiManager, go to Policy & Objects > Object Configurations > Normalized Interface.
  2. In the content pane, click Create New.

    The Create New Normalized Interface pane opens.

  3. Set Name to HUB1.
  4. Under Per-Platform Mapping, click Create New.

    The Create New Per-Platform Mapping dialog box is displayed.

  5. Set the following options, and click OK:

    Matched Platform         Select all.
    Mapped Interface Name    Type HUB1.

    Tip: The mapped interface is case sensitive. It must exactly match the interface on the target FortiGate.

    The per-platform mapping is created.

  6. Repeat this procedure to create the following per-platform mappings:

    Normalized Interface    Matching Type            Mapped Interface/Zone
    HUB1                    Matched Platform: all    HUB1
    HUB2                    Matched Platform: all    HUB2
    VPN1                    Matched Platform: all    VPN1
    VPN2                    Matched Platform: all    VPN2
    WAN1                    Matched Platform: all    WAN1
    WAN2                    Matched Platform: all    WAN2
    HUB-Loopback            Matched Device: HUB1     HUB1-Lo
                            Mapped Device: HUB2      HUB2-Lo
    LAN                     Matched Platform: all    port3

All the per-platform mappings are created.

Tip: If you are using different ports for LAN between branches, you can leverage per-device mapping to override the matched platform: all.
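Because mapped interface names are case sensitive and a per-device mapping overrides the platform-wide one, it is worth checking the table against each device's real interface list before installing the policy package. The following Python check is an added example, not Fortinet code: the mapping table is copied from this page, while the device name BRANCH1, its interface inventory, and the list of required normalized interfaces are constructed sample data.

```python
# Added example: offline pre-check of normalized-interface mappings.
# Mapping table copied from this page; the BRANCH1 inventory is constructed.

PLATFORM_ALL = {  # normalized interface -> mapped name for "Matched Platform: all"
    "HUB1": "HUB1", "HUB2": "HUB2", "VPN1": "VPN1", "VPN2": "VPN2",
    "WAN1": "WAN1", "WAN2": "WAN2", "LAN": "port3",
}
PER_DEVICE = {  # normalized interface -> {device name: mapped name}
    "HUB-Loopback": {"HUB1": "HUB1-Lo", "HUB2": "HUB2-Lo"},
}

# Constructed sample: interfaces reported by a hypothetical branch FortiGate.
BRANCH1_IFACES = {"wan1", "WAN2", "port5", "HUB1", "HUB2"}
REQUIRED = ["WAN1", "WAN2", "LAN", "HUB1", "HUB2", "HUB-Loopback"]


def resolve(norm, device):
    """Per-device mapping wins over the platform-wide one; None if unmapped."""
    return PER_DEVICE.get(norm, {}).get(device, PLATFORM_ALL.get(norm))


def check(device, interfaces, required):
    """Return a list of (normalized, mapped, problem) findings for one device."""
    findings = []
    by_fold = {name.casefold(): name for name in interfaces}
    for norm in required:
        mapped = resolve(norm, device)
        if mapped is None:
            findings.append((norm, None, "no mapping for this device"))
        elif mapped in interfaces:
            continue  # exact, case-sensitive match
        elif mapped.casefold() in by_fold:
            actual = by_fold[mapped.casefold()]
            findings.append((norm, mapped, f"case mismatch: device has {actual!r}"))
        else:
            findings.append((norm, mapped, "interface not present on device"))
    return findings


if __name__ == "__main__":
    for finding in check("BRANCH1", BRANCH1_IFACES, REQUIRED):
        print("BRANCH1:", finding)
```

The LAN finding for BRANCH1 is the case the tip describes: adding a per-device entry such as `PER_DEVICE["LAN"] = {"BRANCH1": "port5"}` clears it without changing the platform-wide mapping.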
