FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Article Id 193859
Description
In a newly installed appliance (pod), the Network Access configuration only displays the Logical Network option when creating Network Access policies and configurations.  However, existing pods display both Direct Network and Logical Network options. 

Logical Networks were introduced in version 8.5.  If existing pods are upgraded from an earlier version, an additional option called Direct Network is available.  However, this option is not available in new installations or appliances that did not have any network access configurations created prior to upgrading to 8.5. 

Scope
Version: 8.5 and above

Solution
To keep rules consistent among pods, it may be desirable to continue using the Direct Network option. To do so, enable the Direct Network option for both Network Access Policies and Network Device Roles in the new pod via the CLI. For assistance, contact Support.

Note: The commands in this article should only be used at existing sites that are already configured with Network Access Policies or Network Device Roles using Direct Networks (legacy method) and that are adding or replacing pods. In new environments, Logical Networks should be used. For more information, see the Logical networks section of the Administration Guide in the Fortinet Document Library.


The following commands should be executed in the new pod CLI using root access.

Enable Network Device Roles to be configured using Direct Networking method:
globaloptiontool -name policy.rolemapping.allowDirectConfig -set true


Enable Network Access Policies to be configured using Direct Networking method:
globaloptiontool -name policy.access.allowDirectConfig -set true


Both options should now display in the UI of the new pod.
