# config firewall policy
To check the iprope lists for the policy:
edit 99
set srcintf "port3"
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set srcaddr6 "all6"
set dstaddr6 "all6"
set action accept
set schedule "always"
set service "ALL"
set nat enable
set ippool enable
set poolname "ipv4-ippool-1"
set poolname6 "ipv6-ippool-1"
next
end
# diagnose firewall iprope list 100004
NGFW Policy-based mode
policy index=99 uuid_idx=56 action=accept
flag (8050108): redir nat master use_src pol_stats
flag2 (4000): resolve_sso
flag3 (20): link-local
schedule(always)
cos_fwd=255 cos_rev=255
group=00100004 av=00004e20 au=00000000 split=00000000
host=1 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 11 -> zone(1): 9
source(1): 0.0.0.0-255.255.255.255, uuid_idx=21,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=21,
service(1):
[0:0x0:0/(0,65535)->(0,65535)] helper:auto
nat(1): flag=1 base=0.0.0.0:0 2.2.2.30-2.2.2.40(0:0)
# diagnose firewall iprope6 list 100004
policy id: 99, group: 00100004, uuid_idx=56
action: accept, schedule: always
cos_fwd=255 cos_rev=255
flag (08050108): redir nat master use_src pol_stats
flag2(00004000): resolve_sso
shapers: / per_ip=
sub_groups: av 00004e20 auth 00000000 split 00000000 misc 00000000
app_list: 0 ips_view: 0
vdom_id: 1
zone_from(1): 11
zone_to(1): 9
address_src(1):
all uuid_idx=40
address_dst(1):
all uuid_idx=40
service(1):
[0:0x0:0/(0,65535)->(0,65535)] helper:auto
nat(1):
flag=1 base=::(:0)
2003::2003 - 2003::2004(0:0)
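# config firewall policy
To configure an IPv4 and IPv6 security policy in the CLI (the example policies on this page match "all" addresses and the "ALL" service to keep the listings short; a production policy would name the specific address and service objects it needs):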
edit 2
set srcintf "port24"
set dstintf "port17"
set srcaddr "all"
set dstaddr "all"
set srcaddr6 "all"
set dstaddr6 "all"
set service "ALL"
set auto-asic-offload disable
next
end
# config firewall security-policy
edit 1
set comments "test"
set srcintf "port24"
set dstintf "port17"
set srcaddr "all"
set dstaddr "all"
set srcaddr6 "all"
set dstaddr6 "all"
set enforce-default-app-port disable
set service "ALL"
set action accept
set schedule "always"
set logtraffic all
next
end