Fortinet black logo

Creating normalized interfaces

7.2.0
Copy Link
Copy Doc ID 1a45e9c2-cd7a-11ec-bb32-fa163e15d75b:345101
Download PDF

Creating normalized interfaces

Because the policy package uses interface objects instead of directly referring to the interface, we must link the interface objects with the actual interfaces on any/all devices. We do this by creating normalized interfaces with per-platform mappings.

To create normalized interfaces:
  1. In FortiManager, go to Policy & Objects > Object Configurations > Normalized Interface.
  2. In the content pane, click Create New.

    The Create New Normalized Interface pane opens.

  3. Set Name to HUB1.
  4. Under Per-Platform Mapping, click Create New.

    The Create New Per-Platform Mapping dialog box is displayed.

  5. Set the following options, and click OK:

    Matched Platform

    Select all.

    Mapped Interface Name

    Type HUB1.

    Tooltip

    The mapped interface is case sensitive. It must exactly match the interface on the target FortiGate.

    The per-platform mapping is created.

  6. Repeat this procedure to the following per-platform mappings:

    Interface

    Option

    Setting

    VPN1

    Matched Platform

    all

    Mapped Interface Name

    VPN1

    VPN2

    Matched Platform

    all

    Mapped Interface Name

    VPN2

    WAN1

    Matched Platform

    all

    Mapped Interface Name

    WAN1

    WAN2

    Matched Platform

    all

    Mapped Interface Name

    WAN2

    HUB-Loopback

    Matched Platform

    all

    Mapped Interface Name

    HUB-Lo

    LAN

    Matched Platform

    all

    Mapped Interface Name

    port3

All the per-platform mappings are created:

Tooltip

If you are using different ports for LAN between branches, you can leverage per-device mapping to override the matched platform: all.

Creating normalized interfaces

Because the policy package uses interface objects instead of directly referring to the interface, we must link the interface objects with the actual interfaces on any/all devices. We do this by creating normalized interfaces with per-platform mappings.

To create normalized interfaces:
  1. In FortiManager, go to Policy & Objects > Object Configurations > Normalized Interface.
  2. In the content pane, click Create New.

    The Create New Normalized Interface pane opens.

  3. Set Name to HUB1.
  4. Under Per-Platform Mapping, click Create New.

    The Create New Per-Platform Mapping dialog box is displayed.

  5. Set the following options, and click OK:

    Matched Platform

    Select all.

    Mapped Interface Name

    Type HUB1.

    Tooltip

    The mapped interface is case sensitive. It must exactly match the interface on the target FortiGate.

    The per-platform mapping is created.

  6. Repeat this procedure to the following per-platform mappings:

    Interface

    Option

    Setting

    VPN1

    Matched Platform

    all

    Mapped Interface Name

    VPN1

    VPN2

    Matched Platform

    all

    Mapped Interface Name

    VPN2

    WAN1

    Matched Platform

    all

    Mapped Interface Name

    WAN1

    WAN2

    Matched Platform

    all

    Mapped Interface Name

    WAN2

    HUB-Loopback

    Matched Platform

    all

    Mapped Interface Name

    HUB-Lo

    LAN

    Matched Platform

    all

    Mapped Interface Name

    port3

All the per-platform mappings are created:

Tooltip

If you are using different ports for LAN between branches, you can leverage per-device mapping to override the matched platform: all.