Fortigate Firewall Policy Export

thedude78 · ‎12-20-2016

Hello,

I am looking for a way to export the policies from my Fortigate into a user readable format so that we can perform an internal audit to ensure that all of our active policies are actually needed. Has anyone seen a way to do this?

If there is no native tool I will have to copy the policies out of the config file and generate a script that can parse through the text to output it to CSV or other usable format. But I would rather not reinvent the wheel.

Thanks

PauloRaponi · ‎12-21-2016

Try it: https://github.com/Fatal-Halt/FortiGate-Config-Parser

Regards,

Paulo Raponi, NSE8

aagrafi · ‎01-04-2017

Hi,

The firewall policy can be found in human readable format in the FortiGate's configuration. It is under "config firewall policy" section and it is a series of commands in the following syntax:

config firewall policy
edit
...
...

...

You can retrieve the whole firewall policy as a text file, by issuing a "show" command under config firewall policy and then parse it as you wish. I don't know of any parsing tool, but I'm sure there are some in the net.

Regards

Andreas

JerrPurv · ‎04-15-2020

And here's a KnowledgeBase article that spells out a clean way to do what you need:

https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD33201&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=136844876&stateId=1%200%20136846255')

Fortigate Firewall Policy Export

Nominate a Forum Post for Knowledge Article Creation