Creating normalized interfaces
Because the policy package uses interface objects instead of directly referring to the interface, we must link the interface objects with the actual interfaces on any/all devices. We do this by creating normalized interfaces with per-platform mappings.
To create normalized interfaces:
- In FortiManager, go to Policy & Objects > Object Configurations > Normalized Interface.
- In the content pane, click Create New.
The Create New Normalized Interface pane opens.
- Set Name to HUB1.
- Under Per-Platform Mapping, click Create New.
The Create New Per-Platform Mapping dialog box is displayed.
- Set the following options, and click OK:
Matched Platform
Select all.
Mapped Interface Name
Type HUB1.
The mapped interface is case sensitive. It must exactly match the interface on the target FortiGate.
The per-platform mapping is created.
- Repeat this procedure to the following per-platform mappings:
Interface
Option
Setting
VPN1
Matched Platform
all Mapped Interface Name
VPN1 VPN2
Matched Platform
all Mapped Interface Name
VPN2 WAN1
Matched Platform
all Mapped Interface Name
WAN1 WAN2
Matched Platform
all Mapped Interface Name
WAN2 HUB-Loopback
Matched Platform
all Mapped Interface Name
HUB-Lo LAN
Matched Platform
all Mapped Interface Name
port3
All the per-platform mappings are created:
If you are using different ports for LAN between branches, you can leverage per-device mapping to override the matched platform: all. |