Policy and route lookup (266996 222827)
The Policy Lookup button in the menu bar at the top of the IPv4 and IPv6 Policy pages is used to determine the policy that traffic with a particular set of parameters will use. Once the parameters are entered, the policy that the traffic will use is displayed.
The parameters are:
- Source Interface – select from drop down menu of available interfaces
- Protocol – select from a drop down menu of:
- IP
- TCP
- UDP
- SCTP
- [ICMP|ICMPv6]
- [ICMP|ICMPv6] ping request
- [ICMP|ICMPv6] ping reply
- Source – Source IP address
- Source Port
- Destination – Destination IP address
- Protocol Number – if Protocol = IP
- Source Port – if Protocol = TCP|UDP|SCTP
- Destination Port – if Protocol = TCP|UDP|SCTP
- ICMP Type – if Protocol = ICMPv6
- ICMP Code – if Protocol = ICMPv6
Support NAT 64 CLAT (244986)
NAT64 CLAT traffic is now supported by the FortiGate. CLAT traffic comes from devices that use the SIIT
translator that plays a part in affecting IPv6 – IPv4 NAT translation.
VIPs can contain FQDNs (268876)
Instead of mapping to an IP address VIP can use a Fully Qualified Domain Name. This has to be configured in the CLI and the FQDN must be an address object that is already configured in the address listing.
The syntax for using a FQDN is as follows:
config firewall vip edit <VIP id>
set type fqdn
set mapped-addr <FQDN address object>
end