Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

system interface's trust-ip-1 Vs system admin's trusthost1 Vs firewall local-in-policy

Hi experts,

My use-case is to allow SNMP Manager access to Fortigate's SNMP Agent, but the question is more general.

System interface's trust-ip-1 (if "dedicated-to" is 'management'), system admin's trusthost1 and firewall local-in-policy are supposed to control administrative access.

From experience, system admin's trusthost1 overrides system interface's trust-ip-1. However, I don't understand priority of system interface's trust-ip-1 versus firewall local-in-policy.

If all of system interface's trust-ip-X excludes certain IP but firewall local-in-policy does allow traffic from such, who wins?

R's, Alex


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors