Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
theArties
New Contributor III

Created on ‎03-20-2019 01:45 AM

FortiOS 5.6.8 and Unable to add Multiple Interface in IPv4 Policy using GUI

Recently upgraded to said version. 

 

Noticed that while creating a new policy using GUI, unable to see the '+' symbol while adding multiple interfaces (from/to). Also tried pressing ctrl button while doing the selection.  

 

However, existing policies that have multiple interfaces remain. 

 

So I tried using CLI and by comparing existing policies, able to use CLI to add the multiple interfaces. And this shows up on the GUI. 

 

Hence, would like to confirm, whether is this a bug, or simply a removal of the existing feature.

Would upgrading to v6 bring this back? 

 

Thanks for your time.  

4161
0 Kudos
1 Solution
ede_pfau
SuperUser
SuperUser
In response to theArties

Created on ‎03-21-2019 01:57 AM

And why is it made a feature setting.
Because, if you use multiple interfaces in just one policy, you will lose the segmented policy view - segmentation by interface pairs isn't possible anymore then. This not only makes managing more cumbersome but debugging traffic flow will become more challenging then.

I would always try to avoid this. Explicit policies can be debugged and managed explicitely (think: byte counter), at the expense of a longer policy list.

Ede Kernel panic: Aiee, killing interrupt handler!

View solution in original post

Ede Kernel panic: Aiee, killing interrupt handler!
1920
0 Kudos
3 REPLIES 3
hnmr
New Contributor III

Created on ‎03-20-2019 06:34 AM

Have you enabled this feature in GUI?

 

config system settings

  set gui-multiple-interface-policy enable

end

1889
0 Kudos
theArties
New Contributor III
In response to hnmr

Created on ‎03-20-2019 06:22 PM

Thank you very much. How did I miss that. And why is it made a feature setting. 

 

1889
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to theArties

Created on ‎03-21-2019 01:57 AM

And why is it made a feature setting.
Because, if you use multiple interfaces in just one policy, you will lose the segmented policy view - segmentation by interface pairs isn't possible anymore then. This not only makes managing more cumbersome but debugging traffic flow will become more challenging then.

I would always try to avoid this. Explicit policies can be debugged and managed explicitely (think: byte counter), at the expense of a longer policy list.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
1921
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.