hgarara
Staff
Article Id 232467
Description

 

This article describes how to configure or remove sequence grouping created automatically while migrating from other vendors to FortiGate using FortiConverter.

 

Scope

 

FortiGate.

 

Solution

 

Sequence grouping uses a top-to-bottom approach. Before sequence grouping:

SEQ_2.JPG

To create a group, change the Firewall Policy view to 'Sequence Grouping View', then right-click the firewall policy where the grouping will start. In this example, the grouping will start on firewall policy ID 2.

From GUI:

SEQ_1.JPG


From CLI:

config firewall policy
    edit 2
        set global-label TEST_GROUP
    next
end

 

Note: The 'global-label' setting does not appear in the output of the 'show' or 'show full' commands. However, it is still visible in the backup configuration file downloaded from the GUI. Also, this command is not auto-completed by pressing the TAB key.

 

After sequence grouping:

 

SEQ_3.JPG

It is important to remember that any policies which do not have a group label (uncategorized) and appear after the configured policy ID will appear under the preceding policy group label.

 

For example: 

 

  1. policy.global-label == ''
  2. policy.global-label == 'group1'
  3. policy.global-label == 'group1'
  4. policy.global-label == ''
  5. policy.global-label == 'group2'
  6. policy.global-label == ''
  7. policy.global-label == 'group2'
  8. policy.global-label == 'group1'

 

In the GUI, the table will look like the following:

 

  • section 1 - uncategorized
      • policy 1
  • section 2 - group1
      • policy 2, 3, 4
  • section 3 - group2
      • policy 5, 6, 7
  • section 4 - group1 (# 2)
      • policy 8

 

If a group label is used again by a later policy, the GUI shows it as the group name followed by the number of times it has been reused, e.g. group1 (# 2). This is shown in section 4 and is expected behaviour, which has been implemented to ensure stability when pushing and pulling this configuration from FortiManager.
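The grouping rule above can be checked offline against a backup configuration file, which the article names as the place where 'global-label' stays visible. The following Python code is an added example, not Fortinet code: the backup excerpt is constructed to mirror the eight-policy example, and the function names and the assumed file layout (labels optionally quoted, no nested blocks inside a policy entry) are assumptions.

```python
import re

# Constructed sample: a backup-file excerpt built to mirror the eight-policy
# example above (not taken from a real device).
LABELS = ["", "group1", "group1", "", "group2", "", "group2", "group1"]
SAMPLE_BACKUP = "config firewall policy\n" + "".join(
    f"    edit {pid}\n"
    + (f'        set global-label "{label}"\n' if label else "")
    + "    next\n"
    for pid, label in enumerate(LABELS, 1)
) + "end\n"
LABEL_RE = re.compile(r'set global-label "?([^"]*)"?')

def read_labels(config_text):
    """Return [(policy_id, label)] in file order; '' means no global-label."""
    # Assumption: policy entries contain no nested config/end blocks.
    policies, in_block = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_block = True
        elif in_block and line == "end":
            break
        elif in_block and (m := re.fullmatch(r"edit (\d+)", line)):
            policies.append([int(m.group(1)), ""])
        elif in_block and policies and (m := LABEL_RE.fullmatch(line)):
            policies[-1][1] = m.group(1)
    return [tuple(p) for p in policies]

def sections(policies):
    """Group policies top to bottom as the article describes the GUI view."""
    out, seen, current = [], {}, None
    for pid, label in policies:
        # A new section starts at the first policy, or at a label that
        # differs from the current section; unlabelled policies inherit it.
        if not out or (label and label != current):
            current = label
            seen[label] = seen.get(label, 0) + 1
            name = label or "uncategorized"
            if seen[label] > 1:
                name += f" (# {seen[label]})"  # reused label, e.g. group1 (# 2)
            out.append((name, []))
        out[-1][1].append(pid)
    return out

if __name__ == "__main__":
    for name, ids in sections(read_labels(SAMPLE_BACKUP)):
        print(f"{name}: policy {', '.join(map(str, ids))}")
```

Running it over a real backup after a migration gives a quick list of which policies sit under which section, including unlabelled policies that have been absorbed into the preceding group.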

 

To rename or delete a sequence group, right-click the first firewall policy within the group.

 

SEQ_4.JPG

To move a firewall policy to a different group, right-click the desired firewall policy.

 

SEQ_5.JPG

To insert a new sequence group, right-click the firewall policy where the new grouping will start.

SEQ_6.JPG

 

Related articles:

Technical Tip: Renaming sequence grouping for firewall policies for 'By sequence grouping' view 

Technical Tip: How to retrieve policy sequence groups from FortiGate