manasac
Staff
July 1, 2020

Technical Tip: FortiLink interface is not listed under FortiGate Firewall policy from GUI

Description
This article describes how to use the FortiLink interface (the interface dedicated to FortiSwitch management) as the incoming or outgoing interface in a firewall policy.

Solution
In some scenarios, such as configuring syslog or SNMP on a managed FortiSwitch, a firewall policy is required to allow SNMP or syslog traffic between the FortiSwitch and the SNMP/syslog server.
In such cases, create a firewall policy with the FortiLink interface as the source interface and the interface where the SNMP/syslog server is located as the destination interface.
Note that the FortiLink interface is not offered as an option in the GUI when creating a firewall policy, so the policy has to be created from the FortiGate CLI.

For example, the following commands configure the policy from the FortiGate CLI:
(root) # config firewall policy
(policy) # edit 80 (New policy ID)
(80) # set srcintf <fortilink>
(80) # set dstintf wan1 (Select the interface through which the server is reached)
(80) # set service ALL (A specific service can be selected instead, as per requirement)
(80) # set dstaddr all
(80) # set srcaddr all
(80) # set schedule always
(80) # set action accept (Needed to allow the traffic; a policy created from the CLI defaults to deny)
(80) # end
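
A narrower variant of the policy above, added here as an example and not part of the original article: it allows only syslog and SNMP from the FortiLink interface to a single server instead of ALL services to any destination. The address object name `mgmt-collector`, the address 192.0.2.10 (documentation range), the policy name and the logging setting are assumptions; `<fortilink>` and `wan1` are kept from the article.

```fortios
# Added example, not from the original article.
# Constructed values: "mgmt-collector" / 192.0.2.10 stand in for the
# real syslog/SNMP server; replace <fortilink> with the FortiLink
# interface name and wan1 with the interface facing the server.

config firewall address
    edit "mgmt-collector"
        set subnet 192.0.2.10 255.255.255.255
    next
end

config firewall policy
    edit 80
        set name "fsw-to-collector"
        set srcintf <fortilink>
        set dstintf wan1
        set srcaddr all
        # Single host instead of "all"
        set dstaddr "mgmt-collector"
        # Predefined services instead of ALL
        set service SYSLOG SNMP
        set schedule always
        set action accept
        # Log matching sessions so the switch traffic can be audited
        set logtraffic all
    next
end
```

Running `show firewall policy 80` afterwards displays the resulting policy, which confirms that the interface was accepted even though the GUI does not list it.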

Related Articles

Troubleshooting Tip: Configure SNMP for Managed FortiSwitch using custom-command

Technical Tip: Configure syslog logging for managed FortiSwitch to send FortiSwitch logs to syslog server