FortiGate
sselvam
Staff
Article Id 194511

Description


This article provides a sample of firewall policy views.

 

Scope

 

FortiGate.

Solution


Policy views:

  • On the Policy & Objects policy list page, there are two policy views: 'Interface Pair View' and 'By Sequence'.
  • 'Interface Pair View' displays the policies in the order that the FortiGate checks for matching traffic, grouped by the pairs of Incoming and Outgoing interfaces. For example, all policies referencing traffic from WAN1 to DMZ are in one section.
  • The policies referencing traffic from DMZ to WAN1 are in another section. The sections are collapsible, so only the sections of interest need to be shown.

 
  • 'By Sequence' displays policies in the order that FortiGate checks for matching traffic without any grouping.
 
 
  • The default display is 'Interface Pair View'. It is possible to switch between the two views, except when 'any' or multiple interfaces are used in a policy.

How an 'any' or multiple-interface policy changes the 'Interface Pair View' in v6.4.x, v7.0.x, and v7.2.x:

 

  • The FortiGate unit automatically changes the view on the policy list page to 'By Sequence' whenever there is a policy containing 'any' or multiple interfaces as the Source or Destination interface. If the 'Interface Pair View' is greyed out, one or more policies have likely used 'any' or multiple interfaces.
  • When 'any' or multiple interfaces are used, the policy goes into multiple sections because it might be any one of a number of interface pairings. Policies are divided into sections using the interface pairings, for example, port1 to port2.
  • Each section has its own policy order. The order in which a policy is checked for matching criteria to a packet’s information is based solely on the position of the policy within its section or within the entire list of policies. If the policy is in multiple sections, FortiGate cannot place the policy in order in multiple sections. Therefore, the view can only be 'By Sequence'.
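
To find which policies force the 'By Sequence' view on v6.4.x to v7.2.x, the rule described above can be checked against exported policy configuration. The following is an added example, not Fortinet code: it assumes the input is only the `config firewall policy` block (for example, the output of `show firewall policy`) with entries in sequence order, and the function names and sample policies are constructed for illustration.

```python
# Constructed sample in FortiOS CLI syntax (not taken from the article).
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set srcintf "wan1"
        set dstintf "dmz"
    next
    edit 2
        set srcintf "dmz"
        set dstintf "wan1"
    next
    edit 3
        set srcintf "any"
        set dstintf "port1" "port2"
    next
end
'''

def parse_policies(text):
    """Return policies in config order, each with its srcintf/dstintf lists."""
    policies, current = [], None
    for raw in text.splitlines():
        tokens = [t.strip('"') for t in raw.split()]
        if len(tokens) == 2 and tokens[0] == "edit" and tokens[1].isdigit():
            current = {"id": int(tokens[1]), "srcintf": [], "dstintf": []}
        elif current and tokens[:2] in (["set", "srcintf"], ["set", "dstintf"]):
            current[tokens[1]] = tokens[2:]
        elif current and tokens == ["next"]:
            policies.append(current)
            current = None
    return policies

def blocking_policies(policies):
    """IDs of policies without exactly one named interface on each side."""
    return [p["id"] for p in policies
            if any(len(p[k]) != 1 or p[k][0].lower() == "any"
                   for k in ("srcintf", "dstintf"))]

def interface_pair_sections(policies):
    """Map (src, dst) -> policy IDs in order, or None if only By Sequence fits."""
    if blocking_policies(policies):
        return None
    sections = {}
    for p in policies:
        sections.setdefault((p["srcintf"][0], p["dstintf"][0]), []).append(p["id"])
    return sections

if __name__ == "__main__":
    print(blocking_policies(parse_policies(SAMPLE_CONFIG)))
```

In the sample, policy 3 is the one that would grey out 'Interface Pair View'; the same list is a useful starting point when reviewing how broadly 'any' is used in a rule base.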
 

 

Starting from v7.4.0, 'Interface Pair View' is not greyed out even when 'any' or multiple-interface policies are used. This version also introduces a 'New layout' to improve the GUI performance.

 

new-layout.PNG

 

The 'New layout' includes features such as checkboxes to select and make changes to multiple firewall policies at the same time as shown below.

 

firewall.PNG

 

For more information regarding 'New layout', refer to 'Improve the performance of the GUI policy list'.

 

Related articles:

Technical Tip: How to enable interface pair view

Technical Tip: Firewall Policy Search Result Behavior

Technical Tip: Edit Multiple policies using the new policy layout