Contributor
June 24, 2011
Question

How to move a policy in the policy list from a CLI.

Hi,

The official document says the following...

*****************************************
Rearranging policies

Moving a policy in the firewall policy list does not change its ID, which only indicates the order in which the policy was created.

To move a policy in the policy list
1 Go to Firewall > Policy > Policy.
2 In the firewall policy list, note the ID of a firewall policy that is before or after your intended destination.
3 Select the row corresponding to the firewall policy you want to move and select Move.
4 Select Before or After, and enter the ID of the firewall policy that is before or after your intended destination. This specifies the policy’s new position in the firewall policy list.
5 Select OK.
*****************************************

How to move a policy in the policy list from a CLI.

Regards,
okumura


    ede_pfau
    SuperUser
    June 24, 2011
    Hi,
     config firewall policy
     move <id1> before|after <id2>

    After typing 'config firewall policy', type '?'. You get the commands available. After 'move', type '?'. You get the policy IDs. ...you get the notion. '?' is your friend.
    Contributor
    June 27, 2011
    Hi ede,

    I could find the 'move' command after typing '?'. Thank you for your help.

    But... In the document of v2_80, (http://ftp.tc.edu.tw/conference/product/wp_FortiGate_v2_80_cli_ref_guide.pdf) the "show" or "move" command is mentioned as below.

    *************************
    □policy
    Use this command to add, edit or delete firewall policies. Firewall policies control all traffic passing through the FortiGate unit. Firewall policies are instructions used by the FortiGate unit to decide what to do with a connection request. The policy directs the firewall to allow the connection, deny the connection, require authentication before the connection is allowed, or process the packet as an IPSec VPN packet.

    Command syntax pattern
     config firewall policy
     edit <id_integer>
     set <keyword> <variable>

     config firewall policy
     edit <id_integer>
     unset <keyword>

     config firewall policy
     delete <id_integer>

     config firewall policy
     move <id_integer> {after <id_integer> | before <id_integer>}

     get firewall policy [<id_integer>]
     show firewall policy [<id_integer>]
    *************************

    but in 4.0MR2, (http://docs.fortinet.com/fgt40mr2.html) the "show" or "move" command is not mentioned. See below...

    *************************
    □policy, policy6
    Use this command to add, edit, or delete firewall policies. Firewall policies control all traffic passing through the FortiGate unit. Firewall policies are instructions used by the FortiGate unit to decide what to do with a connection request. The policy directs the firewall to allow the connection, deny the connection, require authentication before the connection is allowed, or apply IPSec or SSL VPN processing.

    Note: If you are creating an IPv6 policy, some of the IPv4 options, such as NAT and VPN settings, are not applicable.

    Syntax
     config firewall policy, policy6
     edit <index_int>
     set action {accept | deny | ipsec | ssl-vpn}
     set application {enable | disable}
     set auth-cert <certificate_str>
     ・・・
     ・・・
     ・・・
    *************************

    Why did Fortinet delete those commands from the current document?
    ede_pfau
    SuperUser
    June 27, 2011
    Look at this, from v4.00 MR2 patch 7 (b324):
     gate # conf fi policy
     gate (policy) #
     edit      add/edit a table value
     delete    delete a table value
     purge     clear all table value
     move      move an ordered table value
     clone     clone a table entry
     get       get dynamic and system information
     show      show configuration
     end       end and save last config

    The commands still are there. Try again - type 'config firewall policy', RETURN, and then '?'.
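
An added example, not from the thread or from Fortinet documentation: a Python helper that turns a current and a desired policy order into the `move <id1> before|after <id2>` commands discussed above. It goes beyond the single-move case by leaving the longest run of already-ordered policies in place, so as few policies as possible are moved. The function names and the sample policy IDs are constructed for illustration.

```python
from bisect import bisect_left

def _kept_ids(current, desired):
    """Policies that can stay put: a longest subsequence already in desired order."""
    rank = {pid: i for i, pid in enumerate(desired)}
    tails, tail_idx, prev = [], [], {}
    for i, pid in enumerate(current):
        k = bisect_left(tails, rank[pid])
        if k == len(tails):
            tails.append(rank[pid])
            tail_idx.append(i)
        else:
            tails[k], tail_idx[k] = rank[pid], i
        prev[i] = tail_idx[k - 1] if k else None
    kept = set()
    i = tail_idx[-1] if tail_idx else None
    while i is not None:
        kept.add(current[i])
        i = prev[i]
    return kept

def plan_moves(current, desired):
    """Return 'move' commands that turn the current list order into the desired one."""
    if len(set(current)) != len(current) or sorted(current) != sorted(desired):
        raise ValueError("both lists must contain the same unique policy IDs")
    kept = _kept_ids(current, desired)
    work, cmds = list(current), []
    for i, pid in enumerate(desired):
        if pid in kept:
            continue
        work.remove(pid)
        if i == 0:  # no predecessor: place it ahead of whatever is first now
            cmds.append(f"move {pid} before {work[0]}")
            work.insert(0, pid)
        else:       # place it directly behind its predecessor in the desired order
            cmds.append(f"move {pid} after {desired[i - 1]}")
            work.insert(work.index(desired[i - 1]) + 1, pid)
    if work != desired:
        raise RuntimeError("internal error: simulated order does not match")
    return cmds

def render_cli(cmds):
    """Wrap the moves in the CLI context shown in the thread."""
    return "\n".join(["config firewall policy", *cmds, "end"])

if __name__ == "__main__":
    # Constructed sample: IDs reflect creation order, list position is separate.
    print(render_cli(plan_moves([1, 2, 3, 4, 5], [5, 1, 2, 3, 4])))
```

Review the generated commands against `show firewall policy` output before pasting them, since a policy's position in the list changes with each move while its ID does not.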