Technical Tip: How to allow the configuration of policies with multiple source/destination interfaces or 'any'

tahmadov · ‎11-08-2019

Description

This article describes how to enable the configuration of policies with multiple source/destination interfaces or 'any' through GUI and CLI.

Useful Links:
Feature visibility

Scope

FortiGate.

Solution

To enable the feature through the GUI:

Go to System -> Feature Visibility and, under the Additional Features, allow the Multiple Interface Policies and then select Apply.

To enable the feature through the CLI:

config system settings

set gui-multiple-interface-policy enable

end

After enabling the feature, adding multiple interfaces or 'any' in a firewall policy on the GUI is allowed.

Note:

On v7.0.x, v7.2.x putting multiple incoming/outgoing interfaces or using 'any' interface will cause the 'Interface Pair View' to be greyed out as shown below.

Starting from v7.4, 'Interface Pair View' will not be greyed out as shown below:

Related articles:

Technical Tip: How to enable interface pair view

Technical Tip: Firewall policy views

Technical Tip: How to configure multiple interfaces on a firewall policy (GUI)

Technical Tip: Cannot create firewall policies with interface 'any'

Technical Tip: How to allow the configuration of policies with multiple source/destination interface...