local-in-policy, local-in-policy6
Use these commands to create firewall policies for traffic destined for the FortiGate unit itself.
Syntax
    config firewall local-in-policy     (for IPv4 traffic)
    config firewall local-in-policy6    (for IPv6 traffic)
        edit <index_int>
            set action {accept | deny}
            set auto-asic-offload {enable | disable}
            set intf <name_str>
            set srcaddr <name_str>
            set dstaddr <name_str>
            set service <name_str>
            set schedule <name_str>
            set status {enable | disable}
    end
Variables

<index_int>
    Description: Enter the unique ID number of this policy. Enter 0 to assign the next available ID.

action {accept | deny}
    Description: Select the action that the FortiGate unit will perform on traffic matching this firewall policy.
    Default: deny

auto-asic-offload {enable | disable}
    Description: Enable or disable session offload to NP or SP processors.
    Default: enable

intf <name_str>
    Description: Enter the source interface. This is the interface through which the traffic reaches the FortiGate unit.
    Default: No default.

srcaddr <name_str>
    Description: Enter one or more source firewall addresses for the policy. Separate multiple firewall addresses with a space.
    Default: No default.

dstaddr <name_str>
    Description: Enter one or more destination firewall addresses for the policy. Separate multiple firewall addresses with a space.
    Default: No default.

service <name_str>
    Description: Enter the name of one or more services, or a service group, to match with the firewall policy. Separate multiple services with a space.
    Default: No default.

schedule <name_str>
    Description: Enter the name of the one-time or recurring schedule or schedule group to use for the policy.
    Default: No default.

status {enable | disable}
    Description: Enable or disable this policy.
    Default: enable
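
Example (added here, not taken from the Fortinet reference): a pair of IPv4 local-in policies that restrict administrative access to the FortiGate unit itself to one management subnet. The interface name port1, the address object mgmt-net and the subnet 192.0.2.0/24 are constructed for illustration; HTTPS, SSH, all and always are assumed to be the predefined service, address and schedule objects on the unit.

```fortios
# Constructed address object for the management subnet (name and range are assumptions).
config firewall address
    edit "mgmt-net"
        set subnet 192.0.2.0 255.255.255.0
    next
end

config firewall local-in-policy
    # Policy 1: accept HTTPS and SSH to the unit from the management subnet only.
    # action must be set explicitly because the default is deny.
    edit 1
        set intf "port1"
        set srcaddr "mgmt-net"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action accept
    next
    # Policy 2: deny the same services arriving on port1 from any other source.
    # Listed after policy 1 so that management hosts match the accept entry first.
    edit 2
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action deny
    next
end
```

For IPv6 traffic the same structure goes under config firewall local-in-policy6, with IPv6 address objects in srcaddr and dstaddr.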