Fortinet Forum
Shagma
New Contributor

Unable to create policy for individual zone member interface

As the topic says, I cannot create a policy for port 1 and port 2, presumably because they are members of a zone. This happened after the upgrade to 5.0.5. How can I create individual policies for those ports? Do I have to remove the zone? What happens to the existing policies involving port 1 or port 2 if I do? Update: Actually, I cannot use any VLANs on port 1 and 2 in any policy because they are all missing since the update...
danto
New Contributor

You will have to remove the interfaces from the zone. In order to do that you have to remove all configuration related to those interfaces in that zone. That means firewall policies as well.
There is no patch for human stupidity...
Shagma
New Contributor

Thanks for replying. All the interfaces are available from the CLI. When I create a policy from the CLI, the configured policy shows up in the GUI, but I cannot create new policies for any VLAN interface from the GUI as they are missing. Do you have any references for your proposed solution? It basically means nearly setting up the FortiGate from scratch, which is something I hesitate to do.
danto
New Contributor

What do you mean they are missing? What model do you have? If you have a lower model they might be missing. You can create the VLAN interface from the GUI: in Network > Interface > Create New > Interface and select Type VLAN. You can back up the config and modify it to remove the zone and create firewall policies without the zones, then restore the modified config, but that requires some tweaking; it might be dangerous if you are inexperienced.
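As an added worked example of the offline rewrite danto describes (not code from this thread or from Fortinet): the script below takes the text of a FortiOS config backup, drops the `config system zone` table, and replaces every policy that names a zone with one policy per member interface, so the result can be restored without the zone. It assumes the FortiOS 5.0 text layout (`config ... edit ... set ... next ... end`) and that each policy carries a single `srcintf`/`dstintf`, which is why a policy on a two-member zone becomes two policies. The embedded `SAMPLE_CONFIG`, the zone `LAN`, and the interface names are constructed for the example and trimmed to the lines the script looks at.

```python
"""Rewrite a FortiOS config backup: drop `config system zone` and re-point policies
that referenced a zone at its member interfaces.  Hypothetical example for this
thread, not a Fortinet tool; assumes the FortiOS 5.0 text format with one
srcintf/dstintf per policy, so a policy on a two-member zone becomes two policies."""
import shlex
from itertools import product

SAMPLE_CONFIG = """\
config system zone
    edit "LAN"
        set interface "port1" "port2"
    next
end
config firewall policy
    edit 1
        set srcintf "LAN"
        set dstintf "wan1"
        set action accept
    next
    edit 2
        set srcintf "dmz"
        set dstintf "wan1"
        set action accept
    next
end
"""  # constructed, trimmed sample backup; not a real device dump

def _walk(text):
    """Yield (enclosing config tables, tokens, raw line) for every line."""
    stack = []
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if tok[:1] == ["config"]:
            stack.append(" ".join(tok[1:]))
        yield tuple(stack), tok, raw
        if tok[:1] == ["end"]:
            stack.pop()

def parse_zone_members(text):
    """Return {zone: [member interfaces]} from the `config system zone` table."""
    zones, cur = {}, None
    for stack, tok, _ in _walk(text):
        if stack == ("system zone",) and tok[:1] == ["edit"]:
            cur, zones[tok[1]] = tok[1], []
        elif stack == ("system zone",) and tok[:2] == ["set", "interface"]:
            zones[cur] = tok[2:]
    return zones

def policy_interfaces(text):
    """Return {policy id: (srcintf, dstintf)} for the top-level policy table."""
    result, cur = {}, None
    for stack, tok, _ in _walk(text):
        if stack == ("firewall policy",) and tok[:1] == ["edit"]:
            cur, result[int(tok[1])] = int(tok[1]), [None, None]
        elif stack == ("firewall policy",) and tok[:2] in (["set", "srcintf"], ["set", "dstintf"]):
            result[cur][tok[1] == "dstintf"] = tok[2]   # index 0 = src, 1 = dst
    return {k: tuple(v) for k, v in result.items()}

def _expand_policy(entry, zones, new_id):
    """Turn one buffered `edit N ... next` block into one block per (src member,
    dst member) pair; the first keeps N, the others get fresh IDs from new_id()."""
    src, dst = next(iter(policy_interfaces(          # parse just this block
        "config firewall policy\n" + "\n".join(entry) + "\nend").values()))
    combos = list(product(zones.get(src, [src]), zones.get(dst, [dst])))
    if combos == [(src, dst)]:
        return [entry]                                # no zone involved: unchanged
    blocks = []
    for n, (s, d) in enumerate(combos):
        block = []
        for i, line in enumerate(entry):
            indent, tok = line[: len(line) - len(line.lstrip())], shlex.split(line)
            if i == 0 and n > 0:                      # the policy's own `edit N` line
                line = f"{indent}edit {new_id()}"
            elif tok[:2] == ["set", "srcintf"]:
                line = f'{indent}set srcintf "{s}"'
            elif tok[:2] == ["set", "dstintf"]:
                line = f'{indent}set dstintf "{d}"'
            block.append(line)
        blocks.append(block)
    return blocks

def dezone_config(text):
    """Return (rewritten config, zones removed).  Expanded policies are emitted in
    place of the original, so policy order (and therefore precedence) is kept."""
    zones = parse_zone_members(text)
    counter = [max(policy_interfaces(text), default=0)]   # highest ID in use
    def new_id():
        counter[0] += 1
        return counter[0]
    out, entry = [], None
    for stack, tok, raw in _walk(text):
        if stack[:1] == ("system zone",):
            continue                                  # drop the whole zone table
        if stack == ("firewall policy",) and tok[:1] == ["edit"]:
            entry = [raw]                             # start buffering a policy
        elif entry is not None:
            entry.append(raw)                         # nested config lines included
            if stack == ("firewall policy",) and tok[:1] == ["next"]:
                for block in _expand_policy(entry, zones, new_id):
                    out.extend(block)
                entry = None
        else:
            out.append(raw)
    return "\n".join(out) + "\n", zones
```

Call `dezone_config()` on the text of a backup and diff the result against the original before restoring it; on the sample, policy 1 on `LAN` becomes policy 1 on `port1` and policy 3 on `port2`, emitted back to back so nothing is reordered, while policy 2 on `dmz` is untouched. Two caveats a practitioner should check by hand: a zone's `set intrazone allow` permits traffic between its members without any policy, and that permission disappears with the zone, so add explicit member-to-member policies if that traffic is needed; and restoring a hand-edited backup is exactly the step danto warns about, so keep the unmodified backup and a console session available in case the restore fails.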