
The Local-in policy can only be configured in CLI, the GUI display is …

It is visible in the GUI by default starting with FortiOS 7.x, but in older versions you have to go to System → Feature Visibility → Local-in Policy to make it so.

Additionally, the GUI displays only default rules, created automatically by the Fortigate when you enable appropriate services. … rules you configure on CLI, and thus may confuse you into thinking CLI-configured rules do not work. My advice: forget about GUI, work on CLI from …

You have separate local-in policies for IPv4 and IPv6.

The default action in rules is deny, so when you see no action in the show output, …

You cannot disable/delete/manipulate the rules auto-created by the Fortigate in any other way but by disabling/deleting the services that opened them up.

The custom rules we create on CLI override (go above) the default rules, but do not … This means you have to take them into account. E.g., once you configure BGP on the Fortigate, this will open port 179 TCP to ALL, so to …
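As an added example (not from the original page), this is one way to narrow the BGP listener that the Fortigate opens to ALL, using custom local-in rules that sit above the auto-created one. The interface name `wan1`, the address object `bgp-peer-1` and the peer IP 192.0.2.1 are assumptions, and the `#` lines are annotations for the reader.

```fortios
# Address object for the only BGP neighbor that should reach TCP/179
# (192.0.2.1 is a documentation address, replace with the real peer).
config firewall address
    edit "bgp-peer-1"
        set subnet 192.0.2.1 255.255.255.255
    next
end

# IPv4 local-in policy. Rules are matched top-down, and these custom
# rules go above the rule auto-created when BGP was enabled.
config firewall local-in-policy
    # Rule 1: allow BGP from the known peer only.
    edit 1
        set intf "wan1"
        set srcaddr "bgp-peer-1"
        set dstaddr "all"
        set service "BGP"
        set schedule "always"
        set action accept
    next
    # Rule 2: drop BGP from everyone else. Deny is the default action,
    # so "show" will not print the "set action" line for this rule.
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "BGP"
        set schedule "always"
        set action deny
    next
end

# Review the custom rules; a rule with no action line is a deny rule.
show firewall local-in-policy

# IPv6 has its own table (config firewall local-in-policy6) and needs
# equivalent rules if BGP also runs over IPv6.
```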
