Firewall

Policy and route lookup (266996 222827)

The Policy Lookup button in the menu bar at the top of the IPv4 and IPv6 Policy pages is used to determine the policy that traffic with a particular set of parameters will use. Once the parameters are entered, the policy that the traffic will use is displayed.

The parameters are:

  • Source Interface – select from drop down menu of available interfaces
  • Protocol – select from a drop down menu of:
      • IP
      • TCP
      • UDP
      • SCTP
      • [ICMP|ICMPv6]
      • [ICMP|ICMPv6] ping request
      • [ICMP|ICMPv6] ping reply
  • Source – Source IP address
  • Source Port
  • Destination – Destination IP address
  • Protocol Number – if Protocol = IP
  • Source Port – if Protocol = TCP|UDP|SCTP
  • Destination Port – if Protocol = TCP|UDP|SCTP
  • ICMP Type – if Protocol = ICMPv6
  • ICMP Code – if Protocol = ICMPv6

Support NAT 64 CLAT (244986)

NAT64 CLAT traffic is now supported by the FortiGate. CLAT traffic comes from devices that use the SIIT translator that plays a part in affecting IPv6 – IPv4 NAT translation.

VIPs can contain FQDNs (268876)

Instead of mapping to an IP address, a VIP can use a Fully Qualified Domain Name. This has to be configured in the CLI, and the FQDN must be an address object that is already configured in the address listing.

The syntax for using a FQDN is as follows:

config firewall vip
    edit <VIP id>
        set type fqdn
        set mapped-addr <FQDN address object>
end
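
The following is an added example, not part of the original release notes, showing the prerequisite described above: the FQDN address object is created first and then referenced from the VIP. The object names and the domain app.example.com are constructed placeholders, and other VIP settings are omitted.

```fortios
# Constructed example: object names and domain are placeholders.
# Step 1: create the FQDN address object that the VIP will reference.
config firewall address
    edit "app-backend-fqdn"
        set type fqdn
        set fqdn "app.example.com"
    next
end

# Step 2: create the VIP and map it to that address object.
config firewall vip
    edit "vip-app-fqdn"
        set type fqdn
        set mapped-addr "app-backend-fqdn"
    next
end
```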
