Technical Tip: How to allow the configuration of policies with multiple source/destination interfaces or 'any'
Description
This article describes how to enable the configuration of policies with multiple source/destination interfaces or 'any' through GUI and CLI.
Useful Links:
Feature visibility
Scope
FortiGate.
Solution
To enable the feature through the GUI:
Go to System -> Feature Visibility and, under the Additional Features, allow the Multiple Interface Policies and then select Apply.
To enable the feature through the CLI:
config system settings
set gui-multiple-interface-policy enable
end
After enabling the feature, adding multiple interfaces or 'any' in a firewall policy on the GUI is allowed. When choosing 'any', adding of additional interface is no longer possible as it implies that all interfaces have already been selected.
Note:
On v7.0.x, v7.2.x putting multiple incoming/outgoing interfaces or using 'any' interface will cause the 'Interface Pair View' to be greyed out as shown below.
Starting from v7.4, 'Interface Pair View' will not be greyed out as shown below:
Related articles:
- Technical Tip: How to enable interface pair view
- Technical Tip: Firewall policy views
- Technical Tip: How to configure multiple interfaces on a firewall policy (GUI)
- Technical Tip: Cannot create firewall policies with interface 'any'
- Technical Tip: How to allow the configuration of policies with multiple source/destination interfaces or 'any'
Related video: