Skip to main content
Steven_Lengua
Steven_Lengua
New Member
September 15, 2014
Question

Check Where Firewall Objects are Used

  • September 15, 2014
  • 3 replies
  • 20527 views
I" m a Checkpoint Firewall guy. Yes, I know this is the wrong way to start a Fortinet forum post...haha. In the Checkpoint Firewall you could right click on a firewall object and it would show you where in the policy this object is used. Is there an equivalent feature within the Fortinet Fortigate 600C? I have a list of firewall objects but have to dig through the policy to see where the objects are used. Yeppers, I' m new to Fortinet. Thanks!

    3 replies

    Christopher_McMullan
    Staff
    Christopher_McMullan
    Staff
    September 15, 2014
    Hello Steven, Whoever owned a firewall before Fortinet was founded needed to start at some point by saying " I' m a [other vendor] guy" . No worries there. Most object pages in the GUI (addresses, VIPs, schedules, etc.) can have a column added to show References. Clicking on these hyperlinks will show you which policies and other objects reference each other. There is a way to view the same information in the CLI, though there isn' t a full table of possible values, AFAIK. The syntax for me has been guesswork: diag sys checkused path.object.mkey For example, for the WAN1 interface on one of my firewalls: FortiMcWiFi # diag sys checkused system.interface.name wan1 entry used by table system.interface:name ' FCT_IPSec' entry used by table system.interface:name ' FortinetVPN' entry used by child table dashboard:id ' 43' of table system.admin:name ' admin' entry used by child table monitor-interface:interface-name ' wan1' of table system.ddns:ddnsid ' 1' entry used by complex system.modem:interface entry used by table vpn.ipsec.phase1:name ' policy_test' entry used by table vpn.ipsec.phase1-interface:name ' FCT_IPSec' entry used by table vpn.ipsec.phase1-interface:name ' FortinetVPN' entry used by table firewall.vip:name ' McPLEX_TCP' entry used by table firewall.vip:name ' McPLEX_UDP' entry used by table firewall.vip:name ' PBX - HTTP_XML' entry used by table firewall.vip:name ' PBX - SIP' entry used by table firewall.vip:name ' PBX - TFTP' entry used by table firewall.vip:name ' RTP - 6100' entry used by table firewall.vip:name ' RTP - 6102' entry used by table firewall.vip:name ' RTP - 6104' entry used by table firewall.vip:name ' RTP - 6106' entry used by table firewall.vip:name ' RTP - 6108' entry used by table firewall.vip:name ' RTP - 6110' entry used by table firewall.vip:name ' RTP - 6112' entry used by table firewall.vip:name ' RTP - 6114' entry used by table firewall.vip:name ' michael_rdp' entry used by table firewall.vipgrp:name ' McPLEX_VIP' entry used by table firewall.vipgrp:name ' PBX' entry used by child table srcintf:name ' wan1' of table firewall.policy:policyid ' 31' ... etc.
    jorge9090
    jorge9090
    New Member
    September 15, 2014
    Go to the Firewall objects and enable the " Ref." column, there you will see where it is used.
    rwpatterson
    rwpatterson
    New Member
    September 16, 2014
    Technically, it will show you in how many places it' s used. When you drill further down (click on the link), it will tell you where it' s being used.
    Steven_Lengua
    Steven_LenguaAuthor
    New Member
    September 16, 2014
    Awesome!! These suggestions are just what I needed. The reference column did the trick. Think I' m starting to like this firewall.
    bommi
    bommi
    New Member
    June 18, 2019

    Buy a FortiManager and you will get your "Where used" feature ;)

    Terms & ConditionsAccessibility statement