Description | This article describes what to check when an interface does not appear in the firewall policy interface list. |
Scope | FortiGate 7.0, 7.2. |
Solution |
In some scenarios, a FortiGate administrator wants to create a firewall policy directly on an interface (of any type: a VLAN interface, an IPsec virtual tunnel interface, or a physical interface), but the interface does not appear in the firewall policy interface list.
One possible reason is that the interface is a member of a zone. To use the interface directly in a firewall policy, it must first be removed from the zone configuration.
In the following example, a VLAN interface (DataVLAN) does not appear under the firewall policy:
This is because DataVLAN is referenced under LAN ZONE:
To use DataVLAN in a firewall policy, remove the VLAN from the zone configuration:
Once it is removed, the firewall policy shows the DataVLAN interface and a policy can be created directly on it:
Note: As of FortiGate v7.4, the interface name itself is visible in the firewall policy even while it is a zone member, but a firewall policy still cannot be created directly on an interface that is referenced in a zone.
Attempting to do so returns the following error: Input value is invalid.
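The same check and fix in the FortiOS CLI, as an added example that is not part of the original article. The zone name "LAN" (matching the LAN ZONE in the screenshots), the second zone member "port3", the WAN interface "wan1" and the policy name are assumed values; lines starting with # are annotations, not CLI input.

```text
# 1. Confirm which zone references the interface.
show system zone
    config system zone
        edit "LAN"
            set interface "DataVLAN" "port3"
        next
    end

# 2. Re-set the member list without DataVLAN.
#    'set interface' replaces the whole list, so every member that
#    should stay in the zone must be listed again.
#    Caveat: policies that use zone "LAN" no longer cover DataVLAN
#    after this step, so create its own policy right away (step 3).
config system zone
    edit "LAN"
        set interface "port3"
    next
end

# 3. DataVLAN can now be used directly as a policy interface.
#    If step 2 is skipped on v7.4, 'set srcintf "DataVLAN"' is
#    rejected with: Input value is invalid.
config firewall policy
    edit 0                          # 0 = allocate the next free policy ID
        set name "DataVLAN-to-WAN"  # assumed policy name
        set srcintf "DataVLAN"
        set dstintf "wan1"          # assumed WAN interface
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```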
Related articles:
Troubleshooting Tip: Unable to add interface (logical and physical) into Interface Zone
Troubleshooting Tip: Unable to create local-in-policy - 'node_check_object fail!' |
Copyright 2025 Fortinet, Inc. All Rights Reserved.