Technical Tip: Effect of Disabling Multiple Interfaces feature on already configured Firewall Policies with multiple interfaces
| Description | This article describes the effect of disabling the multiple interfaces feature on already configured firewall policies with multiple interfaces in FortiGate. In addition, it shows a CLI command for a quick check for policies configured with multiple interfaces. |
| Scope | FortiGate. |
| Solution | It is assumed that the multiple interfaces feature is enabled and the firewall policies have multiple interfaces configured on them (neglecting interfaces in down status):
There is a requirement to disable this feature, and there is a concern on what's the effect on the already configured firewall policies with multiple interfaces. FortiOS is smart enough that it will not break the existing configuration; however, for any newly configured firewall policy, the feature will not be available.
Here, the feature is disabled; however, the screenshot shows that the multiple interfaces policy ID 1 still has multiple interfaces attached to it:
The following CLI command lists multiple interface policies by ID in large implementations:
In summary, if the feature is disabled, it will be applicable ONLY to newly configured firewall policies, NOT the existing ones.
Related articles: Technical Tip: How to configure multiple interfaces on a firewall policy (GUI) |
