Description
After creating a VLAN interface on the FortiManager, it is not
visible when creating a Firewall Policy and selecting Incoming or
Solution
Add interface mapping for the newly created VLAN interface.
Background (Interface Mapping & Import Policy):
When you first import a configuration into the FortiManager from a
FortiGate, the FortiManager requests confirmation of the mapping of
the Device Interface to the ADOM interface. This automatically creates
a Mapped Policy Interface that you can see when you click on Device
Manager > System > Interface.
When you create a new VLAN interface on the FortiManager, you
associate it with the physical interface as you assign it an
IP address. This interface is available only in "Device
Manager", not in "Policy & Objects".
You now need to create a New Dynamic Interface in "Policy &
Objects" (ADOM level) and associate it to the VLAN interface that
you just created by adding a "per-device mapping" to the dynamic
There are two ways to navigate to the menu for Creating New Dynamic
(specific steps provided below are for FortiManager 5.4):
1. Policy Packages
When you are creating a new Firewall Policy and select either
Incoming or Outgoing Interface, click on the + to the right of Zone
2. Object configurations
Go to Policy & Objects > Object Configurations >
Zone/Interface > Interface > Create New > Dynamic
Once there, configure the following:
a. Enable Per-Device Mapping
b. Click on Add
c. Select Device/VDOM & Interface that are mapping to
You will then be able to select the VLAN interface in the Firewall