nikolaj
New Member
May 19, 2017
Solved

what determines the policy ordering


Is it the seq# that determines the order in which the policies are applied?

Thanks

 

    Best answer by ede_pfau

    ede_pfau
    SuperUser
    May 19, 2017

    Yes and no.

    Only the order within an interface pair is relevant. Policies are ordered by their appearance in the config file, top down.

    The sequence number is just an optical aid in the GUI - you won't find it anywhere in the config. It is numbered consecutively from the first to the last policy. So, it is not determining the order but adjusted to the order. Say, you drag a policy in the GUI to the top - its sequence number will change.

    There's an unambiguous ID for each policy by which you can edit it in the CLI. The ID column can be shown in the GUI as well. But it is not relevant for the order of execution but the order of creation.
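
The distinction drawn in the answer above, as an added example that is not part of the thread: it reads a `config firewall policy` block top down, groups policies by interface pair, and compares that order with the same policies sorted by ID. The sample config is constructed, the function names are hypothetical, and the parser assumes one interface per side and no nested blocks.

```python
import re

# Constructed sample in FortiOS CLI syntax (not taken from the thread).
# The number after "edit" is the policy ID; position in the file is separate.
SAMPLE_CONFIG = """
config firewall policy
    edit 12
        set name "guest-deny-lan"
        set srcintf "guest"
        set dstintf "lan"
        set action deny
    next
    edit 2
        set name "lan-web"
        set srcintf "lan"
        set dstintf "wan1"
        set action accept
    next
    edit 7
        set name "guest-printer"
        set srcintf "guest"
        set dstintf "lan"
        set action accept
    next
end
"""

def evaluation_order(config_text):
    """Map (srcintf, dstintf) -> [(seq, policy_id, name)] in top-down file order."""
    pairs, current, seq = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"edit (\d+)", line):
            seq += 1  # position in the file, which the GUI displays as Seq.#
            current = {"id": int(m.group(1)), "seq": seq}
        elif current is not None and (m := re.fullmatch(r'set (\w+) "?([^"]*)"?', line)):
            current[m.group(1)] = m.group(2)
        elif current is not None and line == "next":
            key = (current.get("srcintf"), current.get("dstintf"))
            pairs.setdefault(key, []).append((current["seq"], current["id"], current.get("name")))
            current = None
    return pairs

def by_policy_id(config_text):
    """The misleading view: the same policies sorted by ID (creation order)."""
    return {pair: sorted(rows, key=lambda r: r[1])
            for pair, rows in evaluation_order(config_text).items()}

if __name__ == "__main__":
    for pair, rows in evaluation_order(SAMPLE_CONFIG).items():
        print(pair, [f"seq {s} / id {i} / {n}" for s, i, n in rows])
```

In the sample, the deny policy with ID 12 sits above the accept policy with ID 7 for the guest-to-lan pair, so reading the rulebase by ID would reverse the two.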

    nikolaj
    New Member
    May 19, 2017

    So, in the Fortigate GUI, in the policy section with section view checked, I can see the interface pair.

    The numbers in ascending order in the first column represent the sequence in which the policies are executed?

     

    Kenundrum
    New Member
    May 19, 2017

    nikolaj wrote:

    The numbers in ascending order in the first column represent the sequence in which the policies are executed?

     

    As long as Sequence# is the first column in your GUI. You can right-click on the column heading to add/remove columns. The tell-tale is that the sequence# does not have a clickable link whereas the policy ID does. I use both the sequence# and the policy ID as the first two columns because I need to refer to the ID for change tracking.