Technical Tip: Cannot configure local-in-policy with mgmt interface
| Description | This article describes the situation when it is not possible to configure local-in-policy with the mgmt interface. |
| Scope | FortiGate v7.2.8 and v7.2.10. |
| Solution | When entering the following CLI command:
config firewall local-in-policy
the mgmt interface does not appear in the interface list offered by 'set intf'.
To fix it, check whether the mgmt interface is referenced in the dedicated-mgmt setting, using the CLI commands below.
config system dedicated-mgmt
show
config system dedicated-mgmt
    set status enable
    set interface "mgmt"
    set default-gateway x.x.x.x    <----- Gateway IP address.
end
It is necessary to disable dedicated-mgmt or remove that mgmt interface from the dedicated-mgmt setting.
To disable dedicated-mgmt:
config system dedicated-mgmt
    set status disable
end
To remove the mgmt interface from the dedicated-mgmt setting:
config system dedicated-mgmt
    set interface yyy    <----- Change mgmt interface to be yyy interface.
end
The mgmt interface then shows up in the local-in-policy setting, and a local-in-policy can be configured with that mgmt interface:
config firewall local-in-policy
Note: Interface references can be verified through the GUI or using the following commands:
diagnose sys cmdb refcnt show <path.object.mkey> |
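An added example (not part of the original Fortinet article) of a local-in-policy bound to the mgmt interface once it is selectable under 'set intf'. The address object name MGMT_ADMIN_NET, its subnet 192.0.2.0/24 and the policy IDs are assumptions; policy 1 accepts HTTPS and SSH from the admin network and policy 2 denies the same services from every other source.

```fortios
# Added example: object name, subnet and policy IDs are assumptions.
config firewall address
    edit "MGMT_ADMIN_NET"
        set subnet 192.0.2.0 255.255.255.0
    next
end
config firewall local-in-policy
    # Accept administrative access only from the admin network.
    edit 1
        set intf "mgmt"
        set srcaddr "MGMT_ADMIN_NET"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action accept
    next
    # Deny the same services from any other source on mgmt.
    edit 2
        set intf "mgmt"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action deny
    next
end
```

The accept entry must stay ahead of the deny entry, because local-in policies are evaluated in order.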
