Created on 11-08-2018 02:53 AM
Edited on 03-13-2025 03:36 AM
By Jean-Philippe_P
Description
This article describes how to clear firewall policy counters from the CLI.
Scope
FortiGate.
Solution
From GUI.
In FortiOS v5.2, v5.4, v5.6, and v6.0.
In FortiOS 7.0+.
From CLI.
Run the following CLI command to reset the packet count option for the firewall policy:
diagnose firewall iprope clear 100004 <Policy ID>
Example: resetting the value of the count field for the Policy ID 3.
diagnose firewall iprope clear 100004 3
To clear more than one counter, append the additional Policy IDs:
diagnose firewall iprope clear 00100004 3 12 48 4
Counters from Policies ID 3, 12, 48, and 4 have been cleared.
The 'groupid' is 00100004. This value is for configurable firewall policies.
There are other groupid values for specific functions, as listed below:
diagnose firewall iprope list 100002 <----- This will list static SNAT policies.
diagnose firewall iprope list 100000 <----- This will list VIP firewall policies.
diagnose firewall iprope list 100004 <----- This will list normal firewall policy -- forward policies.
diagnose firewall iprope list 10000e <----- This will list all implicit policies as listed in GUI.
diagnose firewall iprope list 100015 <----- This will list all Traffic Shaping policies as listed in GUI.
diagnose firewall iprope list 100017 <----- This will list all simple ZTNA policies as listed in GUI.
The Policy ID number is different from the policy sequence number, which is shown in the 'Seq#' column on the GUI.
The Policy ID number, which is the index number of the firewall policy, can be found under the 'ID' column on the GUI.
To reset the count field for all policies, simply omit the <Policy ID>:
diagnose firewall iprope clear 100004
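Because omitting the Policy ID resets the counters of every policy, a script that assembles this command from a list of IDs should treat an empty list as an error. The following is an added example, not Fortinet code: the function name build_clear_command and its clear_all flag are hypothetical, it only builds the command string (nothing is sent to a device), and it assumes Policy IDs are plain non-negative decimal integers.

```python
# Added example (not Fortinet code): build the 'iprope clear' command string
# and refuse to fall through to the clear-everything form by accident.
FORWARD_POLICY_GROUP = "100004"  # groupid for normal (forward) firewall policies


def build_clear_command(policy_ids, clear_all=False):
    """Return the CLI string that clears counters for the given Policy IDs.

    An empty ID list would yield the form that resets all policies, so it is
    rejected unless the caller passes clear_all=True explicitly.
    """
    ids = []
    for raw in policy_ids:
        text = str(raw).strip()
        # Assumption: Policy IDs are non-negative decimal integers.
        if not (text.isascii() and text.isdigit()):
            raise ValueError(f"not a Policy ID: {raw!r}")
        value = int(text)
        if value not in ids:  # drop duplicates, keep the caller's order
            ids.append(value)

    base = f"diagnose firewall iprope clear {FORWARD_POLICY_GROUP}"
    if clear_all:
        if ids:
            raise ValueError("clear_all=True cannot be combined with Policy IDs")
        return base
    if not ids:
        raise ValueError("no Policy IDs given; pass clear_all=True to reset all")
    return base + " " + " ".join(str(i) for i in ids)


if __name__ == "__main__":
    print(build_clear_command([3, 12, 48, 4]))      # the article's multi-ID case
    print(build_clear_command([], clear_all=True))  # explicit reset of all policies
```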