Created on 05-23-2013 05:21 AM
Edited on 07-07-2025 06:28 AM
By Jean-Philippe_P
Description
This article describes a method to count the total number of firewall policies on a FortiGate.
The CLI commands listed below display the total number of policies and how many of them are enabled or disabled.
Scope
Solution
Using the command modifier '| grep' instructs the firewall to 'search for' the information that follows (in quotes if multiple words are used).
Adding the '-c' option to grep instructs the firewall to only 'count' the number of matching lines instead of printing them.
The command to count the total number of firewall policies:
sh full-configuration firewall policy | grep -c 'set status'
To count enabled firewall policies:
sh full-configuration firewall policy | grep -c 'set status enable'
To count disabled firewall policies:
sh full-configuration firewall policy | grep -c 'set status disable'
The Implicit Deny Policy is not included in the count.
The same '| grep -c' technique can be applied to other configuration contexts, not only to firewall policies.
Note: This only works per VDOM, and does not display a summary of all VDOMs. To see the output from another VDOM, that VDOM needs to be entered first.
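Because the count is per VDOM, a summary across VDOMs has to be assembled off-box. The following is an added example, not Fortinet code: a POSIX shell script run on an admin workstation over saved output of 'sh full-configuration firewall policy'. It assumes one file per VDOM named <vdom>.txt (a hypothetical layout); the sample data is constructed.

```shell
# Added example: summarise policy counts across VDOMs from saved CLI output.
# Assumption: each VDOM's output was saved as <dir>/<vdom>.txt (hypothetical layout).

# count_file FILE -> "total enabled disabled", same patterns as the grep -c commands
count_file() {
    awk '/set status/         { t++ }
         /set status enable/  { e++ }
         /set status disable/ { d++ }
         END { printf "%d %d %d\n", t, e, d }' "$1"
}

# summarise DIR -> one line per VDOM, then a grand total
summarise() {
    dir=$1; T=0; E=0; D=0
    for f in "$dir"/*.txt; do
        [ -f "$f" ] || continue
        set -- $(count_file "$f")
        note=""
        # a 'set status' line that is neither enable nor disable needs a manual look
        [ "$1" -eq $(( $2 + $3 )) ] || note=" (check: total != enabled + disabled)"
        echo "$(basename "$f" .txt): total=$1 enabled=$2 disabled=$3$note"
        T=$((T + $1)); E=$((E + $2)); D=$((D + $3))
    done
    echo "ALL: total=$T enabled=$E disabled=$D"
}

# Constructed sample output for two VDOMs (abbreviated, not from a real device)
make_sample() {
    mkdir -p "$1"
    cat > "$1/root.txt" <<'EOF'
config firewall policy
    edit 1
        set status enable
    next
    edit 2
        set status disable
    next
end
EOF
    cat > "$1/dmz.txt" <<'EOF'
config firewall policy
    edit 1
        set status disable
    next
end
EOF
}

tmp=$(mktemp -d); make_sample "$tmp"; summarise "$tmp"; rm -rf "$tmp"
```

A high disabled count in the summary is a useful starting point for a rule-base cleanup review of that VDOM.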