Technical Tip: How to count the total number of firewall policies
Description
This article describes a method to count the total number of firewall policies on a FortiGate.
The CLI commands listed below display the total number of policies and how many of them are enabled or disabled.
Scope
Solution
Appending the command modifier '| grep' instructs the firewall to search the command output for the pattern that follows (in quotes if multiple words are used).
Adding the '-c' option instructs grep to return only the count of matching lines instead of the lines themselves.
The command to count the total number of firewall policies:
sh full-configuration firewall policy | grep -c 'set status'
Or:
sh full-configuration firewall policy | grep -c 'edit'
To count enabled firewall policies:
sh full-configuration firewall policy | grep -c 'set status enable'
To count disabled firewall policies:
sh full-configuration firewall policy | grep -c 'set status disable'
The implicit deny policy is not included in the count.
This can be applied to all contexts, not only to firewall policies.
Note: This only works per VDOM, and does not display a summary of all VDOMs. To see the output from another VDOM, that VDOM needs to be entered first.
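An added example, not part of the original article or Fortinet tooling: an offline cross-check in Python for saved output of the commands above. Because grep -c counts every line that contains the pattern, a policy name or comment containing 'edit' or 'set status' inflates the result; this parser counts only top-level 'edit <id>' entries and whole-line 'set status' values. The sample output, the function names and the 'unspecified' bucket are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of saved `show full-configuration firewall policy` output.
SAMPLE = """\
config firewall policy
    edit 1
        set status enable
        set name "allow-web"
        set comments "edit pending: set status disable after migration"
    next
    edit 2
        set status disable
        set name "legacy-edit-access"
    next
    edit 3
        set status enable
        set name "dns-out"
    next
end
"""

EDIT = re.compile(r"^edit \d+$")                        # policy entry header
STATUS = re.compile(r"^set status (enable|disable)$")   # whole-line match only

def grep_c(text, pattern):
    """Mimic `| grep -c pattern`: count lines that contain the pattern."""
    return sum(pattern in line for line in text.splitlines())

def count_policies(text):
    """Count top-level policy entries and their status (hypothetical helper)."""
    counts, stack, status = Counter(), [], None   # status None = outside an entry
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):
            stack.append(line)                    # open a (possibly nested) block
        elif line == "end":
            if stack:
                stack.pop()
        elif stack and stack[-1] == "config firewall policy":
            match = STATUS.match(line)
            if EDIT.match(line):
                counts["total"] += 1
                status = "unspecified"            # until a status line is seen
            elif match and status is not None:
                status = match.group(1)
            elif line == "next" and status is not None:
                counts[status] += 1
                status = None
    return counts

if __name__ == "__main__":
    print("grep -c 'edit':", grep_c(SAMPLE, "edit"))   # inflated by name/comment
    print("parsed:", dict(count_policies(SAMPLE)))
```

A mismatch between the grep count and the parsed count points to names or comments that contain the search pattern.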
