Technical Tip : Renaming FortiGate configuration objects
Description
Certain FortiGate configuration objects can be renamed by using the CLI command "rename".
Scope
Example provided in FortiOS 4.0MR2
Solution
The following example shows how to change the name of a firewall address, a firewall address group, and an AV protection profile.
Certain FortiGate configuration objects can be renamed by using the CLI command "rename".
Scope
Example provided in FortiOS 4.0MR2
Solution
The following commands can be used to check whether an object can be renamed. The "?" command is used to show the list of all available sub-commands in a particular context.
FGT# config firewall address
FGT(address) # ?
| edit add/edit a table value delete delete a table value purge clear all table value rename rename a table entry < rename is available get get dynamic and system information show show configuration end end and save last config |
If the "rename" option does not appear in the list of sub-commands, the given object cannot be renamed (such as in FortiOS 4.0MR2 : VPN phase1, interface names, firewall policy index, static route and policy based route index).
The rename command can then be used as shown below.
FGT(address) # rename <old_name> to <new_name>
The following example shows how to change the name of a firewall address, a firewall address group, and an AV protection profile.
1. Object used in a Firewall Policy and addrgrp configuration before the changes.
FGT# show firewall policy 3
config firewall policy
edit 3
set srcintf "dmz"
set dstintf "internal"
set srcaddr "src_addr_before"
set dstaddr "dst_addr_group_before"
set action accept
set utm-status enable
set schedule "always"
set service "ANY"
set av-profile "av_profile_before"
set profile-protocol-options "proto_options_before"
next
end
FGT# sho firewall addrgrp
config firewall addrgrp
edit "dst_addr_group_before"
set member "address_before"
next
end
2. Rename objects.
FGT# config firewall address
FGT(address) # rename src_addr_before to src_addr_after
FGT(address) # end
FGT# config firewall addrgrp
FGT(addrgrp) # rename dst_addr_group_before to dst_addr_group_after
FGT(addrgrp) # end
FGT# config antivirus profile
FGT(profile) # rename av_profile_before to av_profile_after
FGT(profile) # end
FGT# config firewall profile-protocol-options
FGT(profile-protoc~l) # rename proto_options_before to proto_options_after
FGT(profile-protoc~l) # end
3. Verify object used in a Firewall Policy and addrgrp configuration after the changes.
FGT# show firewall policy 3
config firewall policy
edit 3
set srcintf "dmz"
set dstintf "internal"
set srcaddr "src_addr_after"
set dstaddr "dst_addr_group_after"
set action accept
set utm-status enable
set schedule "always"
set service "ANY"
set av-profile "av_profile_after"
set profile-protocol-options "proto_options_after"
next
end
FGT# sho firewall addrgrp
config firewall addrgrp
edit "dst_addr_group_after"
set member "address_after"
next
end