FortiManager
greg_barber
Staff
Description
After creating a VLAN interface on the FortiManager, it is not visible when creating a Firewall Policy and selecting the Incoming or Outgoing interface.

Solution
Add interface mapping for the newly created VLAN interface.

Background (Interface Mapping & Import Policy):
When you first import a configuration from a FortiGate into the FortiManager, it asks you to confirm the mapping of each Device Interface to an ADOM interface. This automatically creates a mapped policy interface that you can see under Device Manager > System > Interface.

New Interfaces:
When you create a new VLAN interface on the FortiManager, you associate it with the physical interface as you assign it an IP address. This interface is only available in "Device Manager" and not in "Policy & Objects".

You now need to create a New Dynamic Interface in "Policy & Objects" (ADOM level) and associate it to the VLAN interface that you just created by adding a "per-device mapping" to the dynamic interface.

There are two ways to navigate to the menu for creating a new Dynamic Interface
(the specific steps below are for FortiManager 5.4):

1. Policy Packages
When you are creating a new Firewall Policy and select either the Incoming or Outgoing Interface, click on the + to the right of Zone & Interface.

or

2. Object Configurations
Go to Policy & Objects > Object Configurations > Zone/Interface > Interface > Create New > Dynamic Interface.

Once there, configure the following:
a. Enable Per-Device Mapping.
b. Click Add.
c. Select the Device/VDOM and the Interface that the dynamic interface maps to.

You will then be able to select the VLAN interface in the Firewall Policy.
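The same two steps (create a dynamic interface at ADOM level, then attach a per-device mapping to the VLAN interface) can be scripted against the FortiManager JSON-RPC API. This is an added example and not part of the original article; the endpoint "/jsonrpc", the login call "exec /sys/login/user", the object path "/pm/config/adom/<adom>/obj/dynamic/interface" and the "dynamic_mapping" field layout are assumptions to check against the JSON API reference for your release, and the hostnames, device names and credentials are constructed placeholders.

```python
import json
import ssl
import urllib.request

# Added example, not the article's own code. Assumed API details (verify for
# your release): POST to https://<fmg>/jsonrpc, session obtained via
# "exec /sys/login/user", dynamic interfaces live under
# /pm/config/adom/<adom>/obj/dynamic/interface and carry "dynamic_mapping"
# entries whose "_scope" names the device/VDOM and "local-intf" the interface.

def login_request(user, passwd):
    """JSON-RPC body that opens a session; the reply carries a session token."""
    return {"id": 1, "method": "exec",
            "params": [{"url": "/sys/login/user",
                        "data": {"user": user, "passwd": passwd}}]}

def dynamic_interface_request(session, adom, name, mappings):
    """JSON-RPC body that creates dynamic interface `name` in `adom`.

    mappings: list of (device, vdom, local_interface) tuples. Each tuple becomes
    one per-device mapping, the API equivalent of Enable Per-Device Mapping > Add.
    """
    if not mappings:
        raise ValueError("a dynamic interface needs at least one per-device mapping")
    dyn = [{"_scope": [{"name": dev, "vdom": vdom}], "local-intf": [intf]}
           for dev, vdom, intf in mappings]
    return {"id": 2, "method": "add", "session": session,
            "params": [{"url": f"/pm/config/adom/{adom}/obj/dynamic/interface",
                        "data": {"name": name, "dynamic_mapping": dyn}}]}

def call(host, body):
    """POST one JSON-RPC body to the FortiManager (TLS verified) and parse the reply."""
    req = urllib.request.Request(f"https://{host}/jsonrpc",
                                 data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ssl.create_default_context()) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Constructed values: replace with your FortiManager, ADOM, FortiGate and VLAN.
    reply = call("fmg.example.net", login_request("apiuser", "secret"))
    sess = reply["session"]
    reply = call("fmg.example.net", dynamic_interface_request(
        sess, "root", "vlan10_dyn", [("FGT-BRANCH1", "root", "vlan10")]))
    # A status code of 0 in result[0] means the object was created.
    print(reply["result"][0]["status"])
```

After the call succeeds, the dynamic interface appears in the Incoming/Outgoing interface picker of the policy package exactly as when it is created through the GUI.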