Description
This article describes how to configure or remove sequence grouping created automatically while migration from other vendors to FortiGate using FortiConverter.
Scope
FortiGate.
Solution
Sequence grouping uses a top-to-bottom approach. Before sequence grouping:
To create a change Firewall Policy View to 'Sequence Grouping View', 'right-click' to Firewall Policy where the grouping will start. In this example, the grouping will start on firewall policy ID 2.
From GUI:
From CLI:
config firewall policy
edit 2
set global-label TEST_GROUP
end
After sequence grouping:
It is important to remember that any policies which do not have a group label (uncategorized) and appear after the configured policy ID, will appear under the preceding policy group label. For example:
- policy.global-label == ''
- policy.global-label == 'group1'
- policy.global-label == 'group1'
- policy.global-label == ''
- policy.global-label == 'group2'
- policy.global-label == ''
- policy.global-label == 'group2'
- policy.global-label == 'group1'
In the GUI, the table will look like the following:
- section 1 - uncategorized
- policy 1
- section 2 - group1
- policy 2, 3, 4
- section 3 - group2
- policy 5, 6, 7
- section 4 - group1 (# 2)
- policy 8
If a group label is used again by a later policy, on the GUI this will appear as group-name followed by the number of times it has been reused e.g. group1 (# 2). This is shown in section 4 and is expected behaviour which has been implemented to ensure stability when pushing and pulling this configuration from Fortimanager.
To Rename and Delete sequence grouping, 'Right-click' on the first firewall policy within the Group.
To Move the firewall policy to a different group, 'Right-click' on the desired firewall policy.
To Insert a new sequence group, 'Right-click' on the desired firewall policy where the new grouping will start.
