interface-policy6
DoS policies for IPv6 addresses (called interface policies in the CLI) apply IPS sensors to network traffic based on the FortiGate interface the traffic is leaving or entering, as well as its source and destination addresses.
The interface-policy6 command is used for DoS policies applied to IPv6 addresses. For IPv4 addresses, use interface-policy instead.
Syntax
config firewall interface-policy6
    edit <policy_id>
        set application-list-status {enable | disable}
        set application_list <app_list_str>
        set av-profile-status {enable | disable}
        set av-profile <avprofile_name>
        set dlp-profile-status {enable | disable}
        set dlp-profile <avprofile_name>
        set dstaddr6 <dstaddr_ipv6>
        set interface
        set ips-sensor-status {enable | disable}
        set ips-sensor <sensor_str>
        set logtraffic {all | utm | disable}
        set service6 <service_str>
        set srcaddr6 <srcaddr_ipv6>
        set spamfilter-profile <spfilter_profile_name>
        set spamfilter-profile-status {enable | disable}
        set status {enable | disable}
        set webfilter-profile-status {enable | disable}
        set webfilter-profile <webfilter_profile_name>
end
Variables

application-list-status {enable | disable}
    Enable to have the FortiGate unit apply an application black/white list to matching network traffic.
    Default: disable

application_list <app_list_str>
    Enter the name of the application black/white list the FortiGate unit uses when examining network traffic.
    This option is available only when application-list-status is set to enable.
    Default: No default.

av-profile-status {enable | disable}
    Enable to apply an antivirus profile to traffic on this interface.
    Default: disable

av-profile <avprofile_name>
    Enter the antivirus profile to apply. This is available when av-profile-status is enabled.
    Default: No default.

dlp-profile-status {enable | disable}
    Enable to apply a Data Leak Prevention (DLP) profile to traffic on this interface.
    Default: disable

dlp-profile <avprofile_name>
    Enter the Data Leak Prevention (DLP) profile to apply. This is available when dlp-profile-status is enabled.
    Default: No default.

dstaddr6 <dstaddr_ipv6>
    Enter an address or address range to limit traffic monitoring to network traffic sent to the specified address or range.

interface
    The interface or zone to be monitored.
    Default: No default.

ips-sensor-status {enable | disable}
    Enable to have the FortiGate unit examine network traffic for attacks and vulnerabilities.
    Default: disable

ips-sensor <sensor_str>
    Enter the name of the IPS sensor the FortiGate unit will use when examining network traffic.
    This option is available only when ips-sensor-status is set to enable.
    Default: No default.

logtraffic {all | utm | disable}
    Choose which traffic logs will be recorded:
        all
        utm - only UTM-related logs
        disable - no logging
    Default: utm

service6 <service_str>
    Enter a service to limit traffic monitoring to only the selected type. You may also specify a service group, or multiple services separated by spaces.

spamfilter-profile <spfilter_profile_name>
    Enter the spamfilter profile to apply. This is available when spamfilter-profile-status is enabled.
    Default: No default.

spamfilter-profile-status {enable | disable}
    Enable to apply a spamfilter profile to traffic on this interface.
    Default: disable

srcaddr6 <srcaddr_ipv6>
    Enter an address or address range to limit traffic monitoring to network traffic sent from the specified address or range.

status {enable | disable}
    Enable or disable the DoS policy. A disabled DoS policy has no effect on network traffic.
    Default: enable

webfilter-profile-status {enable | disable}
    Enable to apply a webfilter profile to traffic on this interface.
    Default: disable

webfilter-profile <webfilter_profile_name>
    Enter the webfilter profile to apply. This is available when webfilter-profile-status is enabled.
    Default: No default.
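
The defaults and option dependencies listed above can be checked against a configuration backup. The following Python script is an added example, not part of the original reference or Fortinet tooling: it parses the interface-policy6 section and reports policies that are disabled, log nothing, or enable an inspection option without naming its profile or sensor. The sample configuration and its names (port1, port2, all, default) are constructed, and the script assumes that options missing from the backup are at the defaults given above.

```python
# Constructed FortiOS backup excerpt (trimmed); port1, port2, "all" and
# "default" are placeholder names, not values from the reference page.
SAMPLE_CONFIG = """\
config firewall interface-policy6
    edit 1
        set interface "port1"
        set srcaddr6 "all"
        set dstaddr6 "all"
        set ips-sensor-status enable
        set ips-sensor "default"
    next
    edit 2
        set status disable
        set interface "port2"
        set ips-sensor-status enable
        set logtraffic disable
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {option: value}}; option names use hyphens throughout."""
    policies, current, inside = {}, None, False
    for line in text.splitlines():
        words = line.split(None, 2)
        if line.strip() == "config firewall interface-policy6":
            inside = True
        elif inside and words[:1] == ["end"]:
            inside = False
        elif inside and words[:1] == ["edit"] and len(words) == 2:
            current = policies.setdefault(words[1], {})
        elif inside and len(words) == 3 and words[0] == "set" and current is not None:
            current[words[1].replace("_", "-")] = words[2].strip().strip('"')
    return policies

def audit(policies):
    """Yield (policy_id, finding); absent options take the documented defaults."""
    for pid, opts in policies.items():
        if opts.get("status", "enable") == "disable":
            yield pid, "status disable: policy has no effect on traffic"
        if opts.get("logtraffic", "utm") == "disable":
            yield pid, "logtraffic disable: no logging"
        for key, value in opts.items():
            if key.endswith("-status") and value == "enable" and key[:-7] not in opts:
                yield pid, f"{key} enable but no {key[:-7]} named"

for pid, msg in audit(parse_policies(SAMPLE_CONFIG)):
    print(f"policy {pid}: {msg}")
```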