Description
When troubleshooting or verifying lots of IPv4 policies, it cannot be directly extracted on FortiGate to a CSV file.
Only FortiManager can extract IPv4 policies to the CSV files.
This article describes how to extract IPv4 Policies on the FortiGate and convert them to CSV files with good visibility.
Note that Fortinet Technical Support does not provide any troubleshooting assistance for extracting IPv4 Policies from your FortiGate config file to a CSV file.
It is possible to use the below method for the below 6.4 versions.
Scope
FortiGate.
Solution
1). Use this script fgpoliciestocsv.py.
Download it via the link below:
https://github.com/maaaaz/fgpoliciestocsv/find/master?q=
2). Export the configuration of the FortiGate, by the backup or command line (FortiGate configuration file: 'Fortinet_2019121….conf').
3). In the configuration file, search the 'config firewall policy', then copy and paste IPv4 policies to cfg file (cfg file: 'fgfw.cfg').
4). Execute the script fgpolciestocsv.py.
- Upload files (fgfw.cfg, fgpoliciestocsv.py) to Unix or Linux based OS.
Upload these files via https://winscp.net/eng/download.php if WinSCP is used.
- Upload files (fgfw.cfg, fgpoliciestocsv.py) to Unix or Linux based OS.
Upload these files via https://winscp.net/eng/download.php if WinSCP is used.
5). Input the command of 'fgpoliciestocsv.py -i [cfg file name].cfg' find 'policies-out.csv' file.
Use WINSCP to move the file to the Windows OS and run it in Excel.
6). Convert Text to columns in the Excel going to Delimited -> Tab and Semicolon.
If you want to download all the policy details including the byte counts from the firewall GUI on the 7.0.2 and above version follow the below steps.
To export the firewall policy list to a CSV or JSON file:
- Go to Policy & Objects > Firewall Policy.
- In the toolbar above the list, click Export.
- Select CSV or JSON.
