Deep Dive into the FortiGate Firewall Local-In Policy: GUI vs. CLI and What You Can & Can't Do

  • Published: 28 Sep 2022
  • In this video tutorial we take a deep-dive look at the FortiGate firewall's Local-In Policy semantics. We go over the GUI and its limitations for making changes, as well as the fact that you don't see the default Local-In Policy in the CLI, and then demonstrate the use case of wanting to deny certain subnets or hosts administrative connectivity to the FortiGate firewall. This is all done with a FortiGate 60-E running 7.0.6 code. Remember, you can't create custom Local-In Policies from the GUI (only the CLI), and you won't see those custom Local-In Policies in the GUI, only in the CLI. The reverse is true as well: the default administrative Local-In Policy page settings can't be seen from the CLI, but you can change/modify them under the interface section of the GUI or the 'config system interface' section in the CLI. Hope this helps you out and enjoy!
  • Science

Comments • 6

  • @om-ty3jf
    1 year ago +2

    You are a Star, hope you make a good FortiGate series

  • @georgexu8196
    5 months ago +1

    Thank you so much. Your video really saved me. I googled, but no one could explain Local-In Policy clearly.

  • @ghulamrasool3311
    1 year ago +2

    After a very long time, another detailed and well explained video. Thank you so much sir. Always waiting for your next video.

  • @damiannaziomek8714
    3 months ago +1

    Great explanation :)

  • @ClownzRevenge
    1 year ago

    Thanks a ton. I have been looking for a tutorial for managing local-in policies, and yours is the best I have seen so far.
    However, I wonder if you know this, because this has been impossible to find. That's the function of the 'set srcaddr-negate enable' function.
    Per my understanding, this reverses the way the local-in policy works, and by default would allow only your specified addresses.
    I have a few firewalls I need to put something like that in place, and I have been testing this in my lab and it appears to work how I am intending, I am just concerned with putting them on some production firewalls with as little documentation as I have been able to find.
    Do you have any experience with that function? Perhaps another video already? (I'm about to scroll through your videos and check)
    Thanks in advance.

  • @mustdobetter6748
    1 year ago +2

    Just to add to the topic - local-in-policy has an implicit ALLOW, so if you want to permit certain ranges to particular management service, you then have to create a "deny any" to that service, or use the negate function [carefully] as mentioned by @ClownzRevenge. Be very careful with local-in policies - do NOT do a "deny any any"!!!
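The two patterns discussed above, the video's use case of denying a specific host or subnet management access, and the allow-list plus scoped deny described in @mustdobetter6748's comment, written out as an added FortiOS CLI example that is not from the video, the comments or Fortinet. The interface name port1, the address object names and the subnets are constructed assumptions; the management services must still be enabled in the interface's allowaccess under 'config system interface', because local-in policies only filter what the interface already accepts.

```fortios
# Added example (constructed values). Address objects for the source ranges.
config firewall address
    edit "MGMT_ALLOWED"
        set subnet 10.10.0.0 255.255.255.0
    next
    edit "BLOCKED_HOST"
        set subnet 192.0.2.50 255.255.255.255
    next
end

# Local-in policies are evaluated top-down; unmatched traffic is implicitly allowed.
config firewall local-in-policy
    # Video use case: deny one host admin access on port1 for HTTPS and SSH only.
    edit 1
        set intf "port1"
        set srcaddr "BLOCKED_HOST"
        set dstaddr "all"
        set action deny
        set service "HTTPS" "SSH"
        set schedule "always"
    next
    # Allow-list pattern from the comments: accept the management subnet first ...
    edit 2
        set intf "port1"
        set srcaddr "MGMT_ALLOWED"
        set dstaddr "all"
        set action accept
        set service "HTTPS" "SSH"
        set schedule "always"
    next
    # ... then deny everyone else, scoped to the same interface and services.
    # A deny with "any" interface and "ALL" service would also drop VPN, DNS,
    # FortiGuard and routing traffic, which is the "deny any any" to avoid.
    edit 3
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "HTTPS" "SSH"
        set schedule "always"
    next
end
```

The single-policy alternative the comments mention is policy 3 with 'set srcaddr "MGMT_ALLOWED"' and 'set srcaddr-negate enable', which denies everything except the listed subnet; test it from a console or an allowed address before applying it to a production unit.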