Technical Tip : Using the "edit 0" option during FortiGate configuration to avoid overwriting existing parameters
Description
When adding configuration entries that use indexes, the "edit 0" option can be used to avoid overwriting existing settings.
With "edit 0", the FortiGate chooses the next available index for the new object. This applies to static routes, firewall policies, policy-based routes, and so on.
The use of this option is illustrated in the following examples.
Solution
Example 1: To add a new static route to the following existing config.
FG1 # show router static
If the following commands are used they will overwrite static route 1:
To prevent this happening, use the following:
The config can now be checked to see that static route index 2 has been added.
FG1 # show router static

Example 2: To add a new firewall policy to the following existing config.
FG1 # show firewall policy
If the following commands are used they will overwrite firewall policy 1:
Using the following commands will create a new firewall policy with the next available index:
The config can now be checked to see that firewall policy #6 has been added:
FG1 # show firewall policy

Example 3: Adding a section to the configuration using copy/paste to the CLI without overwriting existing firewall policies.

    config firewall policy
        edit 0
            set srcintf "port4"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ANY"
            set nat enable
        next
        edit 0
            set srcintf "toFG2"
            set dstintf "port4"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ANY"
        next
    end
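A pre-paste check for the situation in Examples 2 and 3, as an added example that is not part of the original article or any Fortinet tooling: it compares a snippet against the output of "show firewall policy", reports the indexes that would overwrite live entries, and rewrites them to "edit 0". The function names and both sample configs are constructed for illustration, and the rewrite assumes the snippet is meant only to add new entries, not to modify existing ones.

```python
import re
EDIT_RE = re.compile(r'^(\s*)edit\s+(\d+)\s*$')

# Constructed sample: what "show firewall policy" might print on the unit.
EXISTING = """\
config firewall policy
    edit 1
        set srcintf "port2"
    next
    edit 5
        set srcintf "port3"
    next
end
"""

# Constructed sample: a snippet about to be pasted; "edit 1" reuses a live index.
SNIPPET = """\
config firewall policy
    edit 1
        set srcintf "port4"
    next
    edit 9
        set srcintf "toFG2"
    next
end
"""

def indexed_entries(text):
    """Yield (line_no, table, index) for numeric 'edit N' lines of top-level tables."""
    stack = []  # names of the currently open "config ..." blocks
    for no, line in enumerate(text.splitlines()):
        words = line.split()
        if words[:1] == ["config"]:
            stack.append(" ".join(words[1:]))
        elif words == ["end"] and stack:
            stack.pop()
        elif len(stack) == 1 and (m := EDIT_RE.match(line)):
            yield no, stack[0], int(m.group(2))

def collisions(existing, snippet):
    """Return (table, index) pairs in the snippet that would overwrite existing entries."""
    used = {(t, i) for _, t, i in indexed_entries(existing)}
    return [(t, i) for _, t, i in indexed_entries(snippet) if i and (t, i) in used]

def to_edit_zero(snippet):
    """Rewrite explicit top-level indexes to 'edit 0'; nested tables are left untouched."""
    lines = snippet.splitlines()
    for no, _, _ in indexed_entries(snippet):
        lines[no] = EDIT_RE.sub(r"\g<1>edit 0", lines[no])
    return "\n".join(lines) + "\n"
```

Calling `collisions(EXISTING, SNIPPET)` flags policy 1 before anything is pasted, and `to_edit_zero(SNIPPET)` produces the form shown in Example 3.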