Chapter 1 What’s New for FortiOS 5.0 : Firewall : Local in policies
  
Local in policies
Read-only local in policies show you all the types of traffic that can connect to or terminate at the FortiGate unit. For the FortiGate unit to receive local traffic, a policy to receive the traffic must be in the local in policy list. The FortiGate unit needs to be able to receive traffic for a number of reasons. Among them:
Central management connections from FortiManager
Networking and routing connections, for example accepting or relaying DHCP requests, accepting routing communication from other routers (for example, OSPF, RIP, VRRP)
Administrative access to FortiGate interfaces over ICMP, HTTP, HTTPS, and so on.
The local in policy list includes an action column that shows whether the FortiGate unit accepts or drops sessions identified by the individual local in policies. As you change some configuration settings, those changes are reflected in the local in policies. For example, Administrative Access local in policies change depending on the administrative access settings of your FortiGate interfaces.
From the local in policy page (Firewall > Policy > Local In Policy), you can enable or disable logging for local in allowed and denied traffic and for local out traffic.
In addition to the pre-defined local in policies, you can add your own using the following command:
config firewall {local-in-policy | local-in-policy6}
    edit 0
        set srcaddr all
        set dstaddr all
        set action {deny | accept}
        set service ALL
        set schedule always
        set auto-asic-offload {disable | enable}
    next
end
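Because a user-defined local in policy built from the template above with srcaddr all and service ALL admits any source to any service on the unit itself, it is worth checking saved configurations for such entries. The following audit script is an added example, not part of the Fortinet documentation; the configuration text is constructed, the address object name mgmt-net is hypothetical, and the script assumes the accept keyword and the config/edit/set/next/end layout used in saved FortiOS configurations.

```python
import re
# Constructed sample in the layout of a FortiGate configuration backup.
SAMPLE_CONFIG = '''
config firewall local-in-policy
    edit 1
        set srcaddr "mgmt-net"
        set action accept
        set service "HTTPS" "SSH"
    next
    edit 2
        set srcaddr "all"
        set action accept
        set service "ALL"
    next
end
config firewall policy
    edit 7
        set srcaddr "all"
        set action accept
        set service "ALL"
    next
end
'''

def parse_local_in(text, table="local-in-policy"):
    """Return {policy_id: {setting: [values]}} for one firewall table."""
    policies, current, inside = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            inside = line == f"config firewall {table}"
        elif not inside:
            continue  # ignore every other section, e.g. "config firewall policy"
        elif line.startswith("edit "):
            current = policies.setdefault(int(line.split()[1]), {})
        elif line.startswith("set ") and current is not None:
            key, *values = re.findall(r'"[^"]*"|\S+', line[4:])
            current[key] = [v.strip('"') for v in values]
        elif line in ("next", "end"):
            current, inside = None, inside and line == "next"
    return policies

def broad_accepts(policies):
    """IDs of policies that accept any source to any service."""
    return [pid for pid, p in policies.items()
            if p.get("action") == ["accept"]
            and "all" in p.get("srcaddr", []) and "ALL" in p.get("service", [])]

if __name__ == "__main__":
    print("broad accept policies:", broad_accepts(parse_local_in(SAMPLE_CONFIG)))
```

Pass table="local-in-policy6" to parse_local_in to run the same check against the IPv6 table.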