dwear
New Member
July 12, 2018
Question

Bulk Reorder Policies


Is there a way to bulk reorder policies? I'm importing numerous policies into an existing firewall, and I'd like for them to be at the top. I know they will by default get input at the bottom. Is there a way to make them insert at the top, or is there a way to bulk move all policy id 100-200 before policy id 10?


tanr
New Member
July 12, 2018

You can use the CLI to move one policy in front of another. The CLI manual section on firewall policy has the details. See https://forum.fortinet.com/tm.aspx?m=125508 for an example. Format is something like:

config firewall policy

  move <policyid> {after | before} <policyid>

You could write a script to do something like this, but I'd be pretty leery of that -- a small error in the script could make for major problems.

If you're entering policies through the GUI you can always right click an existing policy and choose to insert a new one above or below it.

emnoc
New Member
July 12, 2018

Agreed

 

I would not want to bulk move policies. You could do a loop script and have the policies added before xyz; just make backups before and do a diff before|after of the changes.

Alternatively, when you build policies, the FMG would be ideal. You set a mask policy and in your batch scripts, you:

config firewall policy

   edit 12001

      bla blah

   next

      # get the new id as a double check

   move 12001 before <9>

end

You run a small CSV file which tracks the last used <id#> and date, and the next script run will take the value at the bottom of the CSV file, +1, and repeat the process.

That's how I've done it in the past for FortiOS and with a few other devices like PANOS, where the system epoch time was used as the name, since time is always increasing. You will never have a conflict and you always move the policy before the placeholder.

 

 

Ken
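An added example, not code from any poster in this thread: a sketch of the scripted approach discussed above that plans `move <id> before <anchor>` commands, dry-runs them against a copy of the current policy sequence so the resulting order can be reviewed before anything touches the firewall, and renders the CLI batch. The function names and the sample policy sequence are assumptions constructed for illustration.

```python
def plan_moves(policy_ids, anchor_id):
    """Plan moves that place policy_ids, in the given order, directly before anchor_id."""
    ids = list(policy_ids)
    if anchor_id in ids:
        raise ValueError("anchor policy cannot be part of the set being moved")
    if len(set(ids)) != len(ids):
        raise ValueError("duplicate policy id in the move set")
    # Each policy lands immediately before the anchor, i.e. after the one moved
    # just before it, so the relative order of the moved set is preserved.
    return [(pid, "before", anchor_id) for pid in ids]


def simulate(current_order, moves):
    """Apply planned moves to a copy of the policy sequence (offline dry run)."""
    order = list(current_order)
    for pid, where, ref in moves:
        if pid not in order or ref not in order:
            raise ValueError(f"policy {pid} or {ref} is not in the current sequence")
        order.remove(pid)
        idx = order.index(ref)
        order.insert(idx if where == "before" else idx + 1, pid)
    return order


def render_cli(moves):
    """Render the planned moves as one 'config firewall policy' batch."""
    lines = ["config firewall policy"]
    lines += [f"    move {pid} {where} {ref}" for pid, where, ref in moves]
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: policy ids in their current top-to-bottom sequence.
    current = [1, 5, 10, 20, 100, 101, 102]
    moves = plan_moves(range(100, 103), anchor_id=10)
    print("before:", current)
    print("after: ", simulate(current, moves))
    print(render_cli(moves))
```

Comparing the simulated sequence with the sequence read back from the device after the change gives the before/after diff suggested above.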