config firewall policy6
Use this command to configure firewall policy rules for IPv6 addresses.
A firewall policy allows or denies traffic to be forwarded to the system based on a matching tuple: source address, destination address, and service.
The FortiADC system evaluates firewall policies before other rules. It matches traffic against the firewall policy table, beginning with the first rule. If a rule matches, the specified action is taken. If the session is denied by a firewall policy rule, it is dropped. If the session is accepted, system processing continues.
By default, if firewall rules are not configured, the system does not perform firewall processing; all traffic is processed as if the system were a router, and traffic is forwarded according to routing and other system rules.
Before you begin:
• You must have a good understanding and knowledge of firewalls.
• You must have created the address configuration objects and service configuration objects that define the matching tuple in your firewall policy rules.
• You must have read-write permission for firewall settings.
Syntax
config firewall policy6
set default-action {deny|accept}
set stateful {enable|disable}
config rule
edit <name>
set action {deny | accept}
set destination-address6 <datasource>
set in-interface <datasource>
set out-interface <datasource>
set service <datasource>
set source-address6 <datasource>
next
end
end
default-action | Action when no rule matches or no rules are configured: • deny—Drop the traffic. • accept—Allow the traffic to pass the firewall. |
stateful | Enable/disable stateful firewall. |
config rule |
action | • deny—Drop the traffic. • accept—Allow the traffic to pass the firewall. |
destination-address6 | Destination address object to use to form the matching tuple. |
in-interface | Interface that receives traffic. |
out-interface | Interface that forwards traffic. |
service | Service object to use to form the matching tuple. |
source-address6 | Source address object to use to form the matching tuple. |