FortiADC
kmak
Staff
Article Id 425783
Description: This article describes the steps to change the Firewall Source-NAT policy rule order via CLI commands.
Scope: FortiADC.
Solution:

A FortiADC Firewall Policy or NAT-SNAT Policy can contain a long list of rules. The order of the Firewall Policy and NAT-SNAT rules can matter, because the rules are executed from the top of the list to the bottom. Unlike FortiGate, FortiADC does not support dragging policy rules to change their order; the 'Move Up' and 'Move Down' buttons are the only options in the FortiADC management GUI for changing the rule order.

To change the order of FortiADC Firewall Policy or NAT-SNAT Policy rules quickly, use CLI commands.

Change FortiADC NAT-SNAT Policy sequence order using CLI commands:

  1. In this example, the FortiADC is configured with a network NAT-SNAT policy of up to 100 rules. The rule 'SNAT01' is located at the bottom of the rule list.

  2. Open the FortiADC CLI console panel or log in to the FortiADC over SSH. Use the example commands below to move the 'SNAT01' rule so that it sits directly above 'SNAT02'.

    config firewall nat-snat
        move SNAT01 before SNAT02
    end

  3. Refresh the FortiADC Source NAT page. The SNAT rule 'SNAT01' should now be above the 'SNAT02' rule.

  4. To move the SNAT policy rule to the bottom, use the example commands below. The SNAT policy rule 'SNAT01' will be moved to the position after 'SNAT100'.

    config firewall nat-snat
        move SNAT01 after SNAT100
    end

  5. Refresh the FortiADC Source NAT page again. The SNAT rule 'SNAT01' should now be after the 'SNAT100' rule.
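
For reordering many rules at once, the following Python helper is an added example and is not part of the original article or any Fortinet tooling. It generalizes the two cases above: given the current rule order and the desired one, it emits the smallest set of `move ... before/after ...` lines (only the syntax shown in this article) needed to get there. The helper names `plan_moves` and `apply_moves` are hypothetical, and it assumes `move A before B` places A directly above B and `move A after B` directly below it, as the steps above describe.

```python
# Added example, not Fortinet code. Helper names are hypothetical.
from bisect import bisect_left

def plan_moves(current, desired):
    """Return FortiADC CLI lines that reorder `current` into `desired`."""
    if len(set(current)) != len(current) or sorted(current) != sorted(desired):
        raise ValueError("desired must contain exactly the existing rule names")
    rank = {name: i for i, name in enumerate(desired)}
    seq = [rank[name] for name in current]
    # Longest increasing subsequence = rules already in the right relative
    # order; they stay where they are, so only the others need a move.
    tails, tail_at, prev = [], [], [None] * len(seq)
    for i, v in enumerate(seq):
        k = bisect_left(tails, v)
        if k == len(tails):
            tails.append(v)
            tail_at.append(i)
        else:
            tails[k], tail_at[k] = v, i
        prev[i] = tail_at[k - 1] if k else None
    keep, i = set(), tail_at[-1] if tail_at else None
    while i is not None:
        keep.add(current[i])
        i = prev[i]
    moves = []
    for j, name in enumerate(desired):
        if name in keep:
            continue
        if j == 0:  # nothing precedes it: anchor before the first kept rule
            anchor = next(n for n in desired if n in keep)
            moves.append(f"move {name} before {anchor}")
        else:       # its predecessor is already in its final relative position
            moves.append(f"move {name} after {desired[j - 1]}")
    return ["config firewall nat-snat", *moves, "end"] if moves else []

def apply_moves(order, lines):
    """Simulate the planned moves on a list (assumed move semantics)."""
    order = list(order)
    for line in lines:
        parts = line.split()
        if parts[0] != "move":
            continue
        _, name, where, anchor = parts
        order.remove(name)
        at = order.index(anchor)
        order.insert(at if where == "before" else at + 1, name)
    return order
```

Check the generated lines against a dry run with `apply_moves` before pasting them into the CLI, then confirm the result on the Source NAT page as in the steps above.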

Related documents:

Configuring source NAT

config firewall policy
