rjsz
New Member
August 8, 2017
Question

I can't put ACLs on a new pair of Fortigate 600D

  • August 8, 2017
  • 1 reply
  • 9715 views

Hi,

I'm quite new to Fortigate and I'm trying to put some ACLs on an HA (active/passive) pair of 600D. Going through the cookbook it seems pretty simple, but I am missing the Policy & Objects > IPv4 Access Control Lists menu in the GUI, and I cannot use the config firewall acl command from the CLI. There is no such command. Is there a particular licence I need to activate to gain ACL functionality on the 600D?

Thanks,

1 reply

emnoc
New Member
August 8, 2017

Let's clear up the lingo.

1: A firewall (FGT) uses policies.

2: You have a host of policy types (regular, local, ipv6 aka policy6, policy64, policy46, interface-policy).

So sorry my friend, an "ACL" is not one of them ;)

Here are a few policy types.

Regular ipv4 ipsec-tunnel:

    config firewall policy
        edit 48
            set srcintf "NEXOS"
            set dstintf "wan1"
            set srcaddr "all"
            set dstaddr "all"
            set action ipsec
            set schedule "always"
            set service "ALL"
            set inbound enable
            set vpntunnel "dialup_p1"
        next
    end

Here's a local-in:

    config firewall local-in-policy
        edit 12
            set intf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set service "SSH" "PING"
            set schedule ''
            set auto-asic-offload enable
            set status enable
        next
    end

Local interface:

    config firewall interface-policy
        edit 1
            set status enable
            set logtraffic utm
            set interface "LANINTUK"
            set webfilter-profile-status enable
        next
    end

Typically most policies are ipv4 or ipv6 related.
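
Since the answer above is that a FortiGate expresses "ACL"-style filtering as an ordered list of firewall policies, here is an added example (not code from any of the posters, and not copied from Fortinet's documentation) of the policy-table equivalent of a classic two-line ACL: deny a guest subnet from reaching the management subnet, and permit the guest subnet out to the Internet for a few services. The interface names port1, port2 and wan1, the address objects GUEST-NET and MGMT-NET with their subnets, the policy IDs 10 and 11, and the policy names are assumptions chosen for illustration; change them to match the box. Lines beginning with `#` are comments for the reader, not part of the configuration.

```fortios
# Address objects stand in for the source/destination fields of an ACL entry.
# GUEST-NET / MGMT-NET and their subnets are assumed values for this example.
config firewall address
    edit "GUEST-NET"
        set subnet 192.168.50.0 255.255.255.0
    next
    edit "MGMT-NET"
        set subnet 10.10.10.0 255.255.255.0
    next
end

# The policy table is evaluated top to bottom, first match wins, and anything
# that matches no policy hits the implicit deny at the bottom. So the specific
# deny must sit above the broader accept, exactly as in an ACL.
# Interface names (port2 = guest LAN, port1 = management LAN, wan1 = Internet)
# and policy IDs 10/11 are assumptions for this example.
config firewall policy
    edit 10
        set name "deny-guest-to-mgmt"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "GUEST-NET"
        set dstaddr "MGMT-NET"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 11
        set name "allow-guest-internet"
        set srcintf "port2"
        set dstintf "wan1"
        set srcaddr "GUEST-NET"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set nat enable
        set logtraffic all
    next
end
```

Two things a practitioner should check after pasting this. First, the policy ID is not the evaluation order: the position in the table is. If the deny ends up below the accept, use `move 10 before 11` inside `config firewall policy` to reorder it, then confirm with `show firewall policy`. Second, a deny policy does not log anything unless `set logtraffic all` is present on it, so keep that line if you want the dropped traffic visible in the forward-traffic log.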

JoeAndrews
New Member
October 3, 2018

Hi - I have the same core issue, FG500D version 5.4.5, which is to say that I am missing the Policy & Objects > IPv4 Access Control Lists menu in the GUI and the CLI does not permit the config firewall acl command. I suspect that it may be a function of 'Feature Select' to enable this functionality, but I'm not sure what feature specifically that would be. All of the documentation about ACLs seems to reference that CLI command or that GUI location and neither is available. Thank you.

rwpatterson
New Member
October 3, 2018

As Emnoc stated, the phrase "ACL" does not exist on a Fortigate. Policy is what is used to control access between points here.