Technical Tip: Impossible to set an interface as outgoing interface in firewall policy using GUI

amuda · ‎03-24-2024

Description

This article describes the scenario when it is not possible to set an interface as an outgoing interface in the firewall policy using GUI with an error of 'Input value is invalid'.

Scope

FortiGate.

Solution

Port3 and Port4 will be used as an example.

Unable to create a firewall policy in GUI using either Port3 or Port4 and an error is observed:

Creating the firewall policy in CLI shows that Port3 and Port4 are not on the list of selectable interfaces.

Check if either of the ports exists. It is found that Port3 and Port4 belong to a zone (Zone-A).

When an interface has been added into a Zone, it is not possible to reference the individual interface.

There are two options on how to proceed.

Option 1: Use 'Zone-A' as either an incoming or outgoing interface.
Option 2: Remove either Port3 or Port4 from 'Zone-A' to use only one of the ports.

With option 2.

Remove port3 from the zone and verify that only Port4 is left in the ‘Zone-A'.

Port3 is now available as an individually selectable interface when creating a firewall policy in CLI.

It is possible to create a firewall policy using port3 as an incoming interface in GUI.