Deep Dive into the FortiGate Firewall Local-In Policy: GUI vs. CLI and What You Can & Can't Do

In this video tutorial we take a deep dive look at the FortiGate firewall's Local-In Policy semantics. We go over the GUI and the limitations to making changes as well as the fact that you don't see the default Local-In Policy in the CLI, and then demonstrate the use case of wanting to deny certain subnets or hosts from administrative connectivity to the FortiGate firewall. This is all done with a FortiGate 60-E running 7.0.6 code. Remember, you can't create custom Local-In Policies from the GUI (only the CLI) and you won't see those custom Local-In Policies in the GUI...only the CLI. The reverse is true as well: The default administrative Local-In Policy page settings can't be seen from the CLI, but you can change/modify them from under the interface section of the GUI or the 'config system interface' section in the CLI. Hope this helps you out and enjoy!