rezafathi
Explorer III
December 4, 2023
Solved

Source Interface Selection

  • December 4, 2023
  • 2 replies
  • 3226 views

Hi

I have port1 (LAN) and created 10 sub-interfaces for VLANs. So in the Source interface selection box in all FortiGate configuration, should I select port1 or should I select the VLAN interfaces?

Best answer by Debbie_FTNT

2 replies

mhemambika
Staff
December 4, 2023

Dear @rezafathi,

When you create a VLAN interface on the firewall, the VLAN interfaces become your logical interfaces for policy inspection, so in the source interface section of the firewall policy you will need to select the VLAN interfaces in order to control the traffic (received on the VLAN interface) based on firewall policy.

Hope this helps!

rezafathi
Author
Explorer III
December 4, 2023

Thanks. In the firewall policy I can only select one incoming interface but multiple sources. So if I want to give 10 VLANs internet access, what should I do?

Debbie_FTNT
Staff & Editor
December 4, 2023

Hey rezafathi,

You have multiple options:
- you can add all 10 VLANs to a zone (but then you can only use the zone interface for policies)
- you can create 10 policies, one for each VLAN
- you can enable 'Multiple Interface Policy' under System > Feature Select to allow adding more than one source interface in a policy

-> please note that this will disable the interface-based view in GUI! Policies will no longer be sorted by source/destination interface, but instead by their configured order only.
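
The zone option from the reply above, written out as FortiOS CLI, with the setting behind the 'Multiple Interface Policy' option at the end. This is an added example, not part of the original reply; the VLAN interface names (vlan10, vlan20, vlan30), the zone name lan-vlans and the outbound interface wan1 are assumptions.

```fortios
# Added example (constructed). Interface, zone and policy names are assumptions.
# Zone option: group the VLAN sub-interfaces of port1 into one zone.
# List all ten VLAN sub-interfaces as members, not the parent port1.
# "intrazone deny" keeps VLAN-to-VLAN traffic inside the zone blocked.
config system zone
    edit "lan-vlans"
        set interface "vlan10" "vlan20" "vlan30"
        set intrazone deny
    next
end

# A single policy then covers every VLAN that is a member of the zone.
# "edit 0" asks FortiOS to assign the next free policy ID.
config firewall policy
    edit 0
        set name "lan-vlans-to-internet"
        set srcintf "lan-vlans"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end

# Alternative to the zone: allow several source interfaces in one policy.
# This is the CLI form of the 'Multiple Interface Policy' feature and it
# removes the interface-pair view in the GUI, as noted in the reply.
config system settings
    set gui-multiple-interface-policy enable
end
```

An interface that is already referenced by a policy cannot be added to a zone until those references are removed, so the zone is easiest to build before the per-VLAN policies exist.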

mle2802
Staff
December 4, 2023

Hi @rezafathi,
It depends on where the traffic comes from. You can use the sniffer to see the incoming interface and use it as the source interface. To sniff traffic, use this command:

    diag sniffer packet any "host X.X.X.X" 4 0 l

Regards,
Minh