FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jguerra
Staff
Staff
Article Id 338531
Description This article describes how to use the clone reverse feature to optimize the Firewall policy creation and configuration.
Scope FortiGate v7.2.x, v7.4.x.
Solution

To streamline Firewall Policy configuration, it is possible to clone an existing policy with the Incoming and Outgoing Interfaces switched. Furthermore, the Source and Destination addresses are also reversed in the newly cloned policy. 
This is useful when traffic can originate from either the source or destination subnets. A clear example of this is configuring Intervlan routing or IPsec Tunnel policies.


Note:

Clone Reverse is not available for Policies with NAT enabled.

 

V7.2.x:

  1. 'Right-click' on a policy and select 'Clone Reverse'.

 CLONEREV1.png

 
  1. The policy is cloned with the Incoming and Outgoing Interfaces swapped as the Source and Destination addresses.


CLONEREV2.png

 

  1.  Hover over the Name field, select the pencil icon, and type the new policy name:

CLONEREV3.png

 

  1. Enable the Policy. 'Right-click' on the policy and select Set Status -> Enable.

 

CLONEREV4.png

 

  1. The new policy is now active and the original one remains unchanged:

 

CLONEREV5.png


V7.4.x:

The process is similar to the previous example, but for v7.4.x, the feature is named ‘Copy Reverse’.

 

  1. 'Right-click' on a policy and select 'Copy Reverse'.

 

CLONEREV6.png

 

  1. Right-click the policy again and select Paste -> Below.

 

CLONEREV7.png

 

  1. 'Double-click' the newly cloned policy to edit it and enter the Policy Name:

 

CLONEREV8.png

 

  1. Scroll down, select the 'Enable Policy' toggle, and Select OK.

 

CLONEREV9.png

 

  1. The new policy is now active and the original one remains unchanged:


CLONEREV10.png

 

Comments
MaryBolano
Staff
Staff

Great article! Keep it up @jguerra !!!

 

Contributors