New Member

Question

Sequence number (Seq#) field: where is it?

Forum|Forum|5 years ago
February 8, 2021
3 replies
6415 views

Hi,

In my FortiGate firewall GUI (they are all running version 6.x), each policy rule has an ID field. But in some screenshots (mostly of firewalls running older software versions) I have seen the possibility to display a "Seq.#" (sequence number) column too. E.g. there's a screenshot in this forum thread that has this Seq#: https://forum.fortinet.com/tm.aspx?m=115842

However I can't seem to find that Seq# anywhere in the GUI.

How can one display this?

Have they removed this in version 6?

rwpatterson

New Member

Welcome to the forums.

Right click on the top bar with ID, Source, Destination. etc. A drop down will appear and in there you can select what appears in the top header.

WD40Author

New Member

Thanks Robert, but unfortunately the Seq# is not in that list.

JerBae

Explorer II

I can also confirm having a FGT config running FOS 7.0.17 not displaying the "Seq. #" column.

I upgraded this config in a VM to 7.2.11 and 7.4.7 and could not find this sequence column reappearing. I don't know how old is the initial FGT config that I have. I found nowhere a clue about it, on Docs, Community, etc. Bizarre thing.

Toshi_Esumi

SuperUser

This has a quite history in FortiOS's GUI generations. But the bottom line is the Sequence number is just the order of policies in the config file, in other words the array number (+1) like a[0(Seq#1)], a[1(Seq#2)], ..... Historically it was shown at the first column in the policy GUI in earlier versions of FortiOS.
But that number can't be referred by other part of config or in debug output. That's because inside of FortiOS, ID is used to refer to individual policies. Like the policy ID#0 for the implicit deny policy at the very end of the sequence.

And the sequence numbers in GUI often caused confusion for those who just started using/learning FGTs because it's not used anywhere else to refer to. Therefore, at some point like 6.x, it stopped showing in GUI. If you want to know the sequence/order in config file, you just need to choose Sequence view or by Sequence in GUI. If you go to CLI, it's much more obvious like below:

fg40f-utm (policy) # edit ?
policyid Policy ID (0 - 4294967294).
24
2
8
1
30
6
26
7
11
15
16
17
18
25
19
20
21
22
23
27
28

It's showing IDs in sequence when you hit ? after edit. Seq#1=ID#24, Seq#2=ID#2, and so on in above. You can move each policy in the sequence like "move 2 before 24" to move the policy to the top. But you can't refer either of them by the sequence number.

Nothing bizarre about the change in history but natural progression of FortiOS when it's getting more mature for last 25 years. If you're a programmer, you would understand this almost instantly.

Toshi

JerBae

Explorer II

Thanks a lot for your reply Toshi, I like your explanation.

It is OK with only the ID as reference, in the CLI and in the GUI.

I worked for some time on the FortiManager and it is still displaying a Sequence column, maybe because not at its latest version (mixed ADOMs...). I did not look policies on the FortiGate until recently and noticing the absence of Seq.

dingjerry_FTNT

Staff

Hi @WD40 ,

I believe that your Firewall Policy view is in "Interface Pair View" mode. In this mode, there is no "seq #" option in the view.

dingjerry_FTNT

Staff

If you choose "By Sequence" mode, you will have the "seq #" option in the view.

Toshi_Esumi

SuperUser

At least with 7.4.7, I don't see "Seq #" anywhere even with "By Sequence" or "Sequence Grouping View", regardless New layout or classic layout. ID shows in parentheses in the policy name column though.

Toshi

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded