Fortinet black logo

Administration Guide

Create a new interface policy

Create a new interface policy

The section describes how to create new IPv4 and IPv6 interface policies.

See Interface policies in the FortiOS Administration Guide for more information.

Note

You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.

To create a new Interface policy:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu for the policy package, click IPv4 Interface Policy or IPv6 Interface Policy.
  4. Click Create New.
  5. Enter the following information:

    Option

    Description

    Source > Interface

    Select the source interface.

    Source > Address

    Select source addresses, address groups, virtual IPs, and virtual IP groups.

    Destination > Address

    Select destination addresses, address groups, virtual IPs, and virtual IP groups.

    Service

    Select services and service groups.

    Log Traffic

    Select the traffic to log: No Log, Log Security Events, or Log All Sessions.

    AntiVirus Profile

    Enable or disable, and then select, the antivirus profile.

    Web Filter Profile

    Enable or disable, and then select, the web filter profile.

    Application Control

    Enable or disable, and then select, the application control profile.

    IPS Profile

    Enable or disable, and then select the IPS profile.

    Email Filter Profile

    Enable or disable, and then select, the email filter profile.

    Advanced Options

    Configure advanced options, see Advanced options below.

    For more information on advanced option, see the FortiOS CLI Reference.

    Change Note

    Add a description of the changes being made to the policy. This field is required.

  6. Click OK to create the policy. You can select to enable or disable the policy in the right-click menu. When disabled, a disabled icon will be displayed in the Seq.# column to the left of the number. By default, policies will be added to the bottom of the list, but above the implicit policy.
Advanced options

Option

Description

Default

address-type

Select

none

comments

Add a description of the policy, such as its purpose, or the changes that have been made to it.

none

dlp-profile

Select an existing data leak prevention (DLP) profile.

none

dlp-profile-status

Enable or disable DLP.

disable

dsri

Enable or disable DSRI.

disable

Create a new interface policy

The section describes how to create new IPv4 and IPv6 interface policies.

See Interface policies in the FortiOS Administration Guide for more information.

Note

You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.

To create a new Interface policy:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu for the policy package, click IPv4 Interface Policy or IPv6 Interface Policy.
  4. Click Create New.
  5. Enter the following information:

    Option

    Description

    Source > Interface

    Select the source interface.

    Source > Address

    Select source addresses, address groups, virtual IPs, and virtual IP groups.

    Destination > Address

    Select destination addresses, address groups, virtual IPs, and virtual IP groups.

    Service

    Select services and service groups.

    Log Traffic

    Select the traffic to log: No Log, Log Security Events, or Log All Sessions.

    AntiVirus Profile

    Enable or disable, and then select, the antivirus profile.

    Web Filter Profile

    Enable or disable, and then select, the web filter profile.

    Application Control

    Enable or disable, and then select, the application control profile.

    IPS Profile

    Enable or disable, and then select the IPS profile.

    Email Filter Profile

    Enable or disable, and then select, the email filter profile.

    Advanced Options

    Configure advanced options, see Advanced options below.

    For more information on advanced option, see the FortiOS CLI Reference.

    Change Note

    Add a description of the changes being made to the policy. This field is required.

  6. Click OK to create the policy. You can select to enable or disable the policy in the right-click menu. When disabled, a disabled icon will be displayed in the Seq.# column to the left of the number. By default, policies will be added to the bottom of the list, but above the implicit policy.
Advanced options

Option

Description

Default

address-type

Select

none

comments

Add a description of the policy, such as its purpose, or the changes that have been made to it.

none

dlp-profile

Select an existing data leak prevention (DLP) profile.

none

dlp-profile-status

Enable or disable DLP.

disable

dsri

Enable or disable DSRI.

disable