Description
After creating a VLAN interface on the FortiManager, it is not
visible when creating a Firewall Policy and selecting the Incoming or
Outgoing interface.
Solution
Add interface mapping for the newly created VLAN interface.
Background (Interface Mapping & Import Policy):
When you first import a configuration into the FortiManager from a
FortiGate it requests confirmation of mapping for the Device
Interface to the ADOM interface. This automatically creates a
Mapped Policy Interface that you can see when you click on Device
Manager > System > Interface.
New Interfaces:
When you create a new VLAN interface on the FortiManager, you
associate it with the physical interface as you assign it an
IP address. This interface is available only in "Device
Manager", not in "Policy & Objects".
You now need to create a New Dynamic Interface in "Policy &
Objects" (ADOM level) and associate it to the VLAN interface that
you just created by adding a "per-device mapping" to the dynamic
interface.
There are two ways to navigate to the menu for creating a new Dynamic
Interface (the specific steps provided below are for FortiManager 5.4):
1. Policy Packages
When you are creating a new Firewall Policy and select either
Incoming or Outgoing Interface, click on the + to the right of Zone
& Interface
or
2. Object configurations
Go to Policy & Objects > Object Configurations >
Zone/Interface > Interface > Create New > Dynamic
Interface
Once there, configure the following:
a. Enable Per-Device Mapping
b. Click on Add
c. Select Device/VDOM & Interface that are mapping to
You will then be able to select the VLAN interface in the Firewall
Policy.