Integrated Switch Fabric Access Control List Policies

Traffic accepted and forwarded by an ISF policy is not subject to security inspection. Normally, you should only create ISF policies for traffic that you consider very low risk.

On FortiGate models that include NP4 and XLR ports and an integrated switch fabric, you can create an integrated switch fabric (ISF) access control list (ACL) firewall policy that allows some traffic (for example, multicast traffic) to bypass security inspection, resulting in reduced CPU and NP4 processor load.

This feature is only available in Transparent mode and only between port pairs.

Use the following command to add an ISF ACL shortcut policy:

config firewall isf-acl
    config port-pair-1
        edit 1
            set type binary
            set ingressport {port1 | port2}
            set offset
            set length
            set matchpattern <pattern in hex>
            set action {bypass | block}
        next
        edit 2
            set type 5-tuple
            set srcaddr a.b.c.d/32
            set dstaddr 239.A.A.a/32
            set proto UDP
            set port XXX
            set action {bypass | block}
        next
    end
end
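
Because traffic matched by a bypass entry is not inspected, it helps to list those entries when reviewing a saved configuration. The Python script below is an added example, not part of the Fortinet documentation: it collects the entries under config firewall isf-acl and returns those whose action is bypass. The sample configuration and all of its values are constructed, and the function names parse_isf_acl and bypass_entries are hypothetical.

```python
# Constructed sample in the layout of the page's command; every value is made up.
SAMPLE = """\
config firewall isf-acl
    config port-pair-1
        edit 1
            set type binary
            set ingressport port1
            set offset 12
            set length 2
            set matchpattern 0800
            set action bypass
        next
        edit 2
            set type 5-tuple
            set srcaddr 192.0.2.10/32
            set dstaddr 239.1.1.1/32
            set proto UDP
            set port 5004
            set action block
    end
end
"""

def parse_isf_acl(text):
    """Return one dict per 'edit' entry found under 'config firewall isf-acl'."""
    entries, stack, cur = [], [], None
    for words in (line.split() for line in text.splitlines()):
        if not words:
            continue
        key = words[0]
        if key in ("edit", "next", "end") and cur is not None:
            entries.append(cur)   # flush, even when 'next' is missing (entry 2)
            cur = None
        if key == "config":
            stack.append(" ".join(words[1:]))
        elif key == "end" and stack:
            stack.pop()
        elif key == "edit" and "firewall isf-acl" in stack and len(words) > 1:
            cur = {"port_pair": stack[-1], "id": words[1]}
        elif key == "set" and cur is not None and len(words) > 1:
            cur[words[1]] = " ".join(words[2:])
    return entries

def bypass_entries(text):
    """Entries whose action is 'bypass': traffic they match skips inspection."""
    return [e for e in parse_isf_acl(text) if e.get("action") == "bypass"]

if __name__ == "__main__":
    for e in bypass_entries(SAMPLE):
        print(e["port_pair"], "entry", e["id"], e)
```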