Skip to main content
A
Anonymous_User
Contributor
July 10, 2008
Question

HOW TO : extract my firewall policies

  • July 10, 2008
  • 9 replies
  • 5329 views
Hi, I' m a new member there, so : hello everybody ! I wrote there to solve a problem i' ve to face... I just ended to configure my firewall policies (fortigate 300A) and my IT director tell me to send him a text file, containing all the policies i' ve set. I dont know how to extract all rules in a text file... I tried to copy/paste its from the console access but it give me all commands to set the policies... Not a sweet file like the tab on the admin firewall configuration webpage... I can' t get the source page from the web interface to... (getting the tab in html code) Did someone have a solution please ? (i passed around 15minutes shearching answer on forums there but i found no response to my question...) Regards, Haristar.

    9 replies

    UkWizard
    UkWizard
    New Member
    July 10, 2008
    Run an ssh client so you can log the output to a file, then ssh into the firewall, and run the commands; config firewall policy show end this will print to screen all the policies, instead of the whole config.
    A
    Anonymous_UserAuthor
    Contributor
    July 11, 2008
    Hi, thanks for help ! I already did this thing and it works properly... But it makes a really ' brute' extract of rules... So i asked for another solution, targetting to have a more ' readable' file format. (or less " technical like" ) For example, the ssh method gives :
    edit 18 set srcintf " port6" set dstintf " port5" set srcaddr " all" set dstaddr " all" set action accept set schedule " always" set service " ANY" set profile-status enable set logtraffic enable set profile " scan_Internal" next
    But it doesn' t say details of : port6, port 5, all... I would prefer have an extract in tab format, something like the tab by webadmin access method. If nothing can do that, i will keep the ssh method. Thanks again ;)
    UkWizard
    UkWizard
    New Member
    July 11, 2008
    their isnt an easier way, only grabbing screenshots of the gui policy or copy and pasting the tables of the gui policy. latter works fairly well when copy and pasting into word.
    A
    Anonymous_UserAuthor
    Contributor
    July 11, 2008
    Well, thanks again for your help :)
    UkWizard
    UkWizard
    New Member
    July 11, 2008
    No problem. welcome to the forum..
    A
    Anonymous_UserAuthor
    Contributor
    July 11, 2008
    Try pasting the screenshots into Excel rather than Word. They' re easier to read because Excel does' nt re-size them, and you don' t have to worry about page breaks.
    UkWizard
    UkWizard
    New Member
    July 11, 2008
    Actually thats just reminded me, you can copy from the GUI and paste into excel. and it keeps the tables fairly well preserved. could then save that into a comma delimited file is you feel thats more readable.
    A
    Anonymous_UserAuthor
    Contributor
    July 11, 2008
    Already tried this tips ! But thanks again :)
    abelio
    SuperUser
    abelio
    SuperUser
    July 11, 2008
    If you don' t want pay for a software that parse your config file, backup the whole configuration in a text file (no encription) and edit accordingly; in that backup file you' ll have every setting that have changed from defaults. If you want to pay for a parser, Autodoc from http://www.autodoc.ch/ guys is a nice and quick solution to keep your documentation updated.
    A
    Anonymous_UserAuthor
    Contributor
    July 11, 2008
    Seems to be exactly what i need ^^ Thanks for url
    Terms & ConditionsAccessibility statement