Fortinet 3.0 MR7 manual Classifying FortiGate network interfaces

13Select the blue arrow to expand Group Membership.

This option does not appear if Device Type is FortiClient. In that case, also skip the following step.

14From the Available Groups area, select a device group or groups, if any, to which you want to assign the device, then select the right arrow button to move the group name into the Membership area.

Devices can belong to multiple groups. You can also add the device to a group later, or change the assigned group. For more information, see “Configuring device groups” on page 88.

15Select the blue arrow to expand FortiGate Interface Specification.

This option appears only if Device Type is FortiGate. If this option does not appear, proceed to the following step.

16Define the functional class of each network interface or VLAN sub-interface.

For more information about how to define the functional class of each network interface or VLAN sub-interface, see “Classifying FortiGate network interfaces” on page 84.

17Select OK.

The device appears in the device list. After registration, some device types can be configured for Secure Connection. For more information, see “Secure Connection” on page 74.

Classifying FortiGate network interfaces

The FortiGate Interface Specification area enables you to functionally classify network interfaces and VLAN subinterfaces according to their connections in your network topology. Functionally classifying the device’s network interfaces and VLAN subinterfaces as None, LAN, WAN or DMZ indirectly defines the directionality of traffic flowing between those network interfaces. For example, FortiAnalyzer units consider log messages of traffic flowing from a WAN class interface to a LAN or DMZ class interface to represent incoming traffic.

Some report types for FortiGate devices include traffic direction — inbound or outbound traffic flow. When the FortiAnalyzer unit generates reports involving traffic direction, the FortiAnalyzer unit compares values located in the source and destination interface fields of the log messages with your defined network interface classifications to determine the traffic directionality.

The table below illustrates the traffic directionality derived from each possible combination of source and destination interface class.

Table 8: Traffic directionality by class of the source and destination interface