HS08
Visitor III
May 17, 2025
Question

Firewall local policy


I want to restrict access by allowing some hosts to access my FortiGate using the public IP and blocking the rest.

Searching in the community, this can be done by creating a local-in firewall policy, but in my FortiGate there is no local-in policy. How can I enable this?

2 replies

HS08 (Author)
Visitor III
May 17, 2025

In my FortiGate there is no local-in policy. Should it be enabled first? If yes, how can we enable that option?

Toshi_Esumi
SuperUser
May 17, 2025

If you're running 7.4.x or older, you need to use CLI. The feature is always there and available unless you're using an ancient version. 7.6 started GUI support.
https://docs.fortinet.com/document/fortigate/7.6.0/new-features/308650/gui-support-for-local-in-policies

Toshi

Yurisk
SuperUser
May 18, 2025

Local-in policies in GUI, as already mentioned, are available starting 7.6, and as only very adventurous and "feeling lucky" people run 7.6 today in production, all other versions have it in CLI only:

https://docs.fortinet.com/document/fortigate/7.0.7/administration-guide/363127/local-in-policies

Some examples of configurations:

https://yurisk.info/2022/07/04/fortigate-local-in-policy-configuration-examples-for-vpn-ipsec-vpn-ssl-bgp-and-more/

and https://yurisk.info/2020/06/07/fortigate-local-in-policy/
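
A CLI sketch of what the question asks for, added here as an illustration and not taken from any post in this thread or from the linked articles. The interface name `wan1`, the object names, the documentation-range addresses and the use of the predefined `HTTPS` and `SSH` services on default admin ports are all assumptions to replace with your own values.

```fortios
# Constructed example: address objects for the hosts allowed to manage the unit.
config firewall address
    edit "mgmt-host-1"
        set subnet 198.51.100.10 255.255.255.255
    next
    edit "mgmt-net-1"
        set subnet 203.0.113.0 255.255.255.0
    next
end
config firewall addrgrp
    edit "mgmt-allowed"
        set member "mgmt-host-1" "mgmt-net-1"
    next
end
# Local-in policies are matched top to bottom, so the accept rule
# must come before the deny rule for the same services.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "mgmt-allowed"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action accept
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action deny
    next
end
# Review the result with: show firewall local-in-policy
```

Apply this from a session whose source address is already in `mgmt-allowed` (or from the console), since the deny rule takes effect immediately. If the admin HTTPS or SSH port was changed from the default, the policies need a custom service object for that port instead of the predefined ones.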