nnair
Staff
Article Id 250799
Description

 

This article explains how to find the IPv4 policy id for troubleshooting.

 

Scope

 

FortiGate.

 

Solution

 

Navigate to Policy and Objects -> Firewall Policy. Select the gear icon and select 'ID' as shown below. A new 'ID' column appears on the right, showing the policy ID of each policy.

 

ID.png

 

It is also possible to see the policy ID indicated in each policy in the top right corner when editing it.

 

Refer to the image below:

 

Anthony_E_1-1695889011737.png

 

 

The policy ID can also be seen from the CLI.

 

Open the CLI console and enter the following command:

 

show firewall policy

 

Anthony_E_2-1695889011735.png

 

The above snapshot shows that the policy ID is '3' for the 'vpn_Test_remote_0' policy.
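
When the output of 'show firewall policy' has been saved to a text file, a short script can map policy names or comments to policy IDs. The following is an added example, not part of the original article or any Fortinet tool; the sample output is constructed (only the name 'vpn_Test_remote_0' and ID 3 come from the article), the function names are hypothetical, and it assumes one setting per line:

```python
import shlex

# Constructed sample of `show firewall policy` output (interfaces and policy 1 are made up).
SAMPLE = '''\
config firewall policy
    edit 1
        set name "lan_to_wan"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        set service "HTTP" "HTTPS"
        set comments "outbound web"
    next
    edit 3
        set name "vpn_Test_remote_0"
        set srcintf "Test"
        set dstintf "port2"
        set action accept
        set service "ALL"
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} parsed from the CLI output."""
    policies, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line)  # handles quoted, multi-value settings
        if not tokens:
            continue
        if tokens[0] == "edit" and len(tokens) == 2 and tokens[1].isdigit():
            current = policies.setdefault(int(tokens[1]), {})  # "edit <id>" opens a policy
        elif tokens[0] == "next":
            current = None  # "next" closes the current policy
        elif tokens[0] == "set" and current is not None and len(tokens) >= 3:
            current[tokens[1]] = tokens[2:]
    return policies

def find_policy_ids(policies, field, needle):
    """IDs of policies whose `field` contains `needle` (case-insensitive)."""
    needle = needle.lower()
    return sorted(pid for pid, cfg in policies.items()
                  if any(needle in v.lower() for v in cfg.get(field, [])))

if __name__ == "__main__":
    parsed = parse_policies(SAMPLE)
    print(find_policy_ids(parsed, "name", "vpn_Test_remote_0"))
```
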

 

It is also possible to use the following command in the CLI to find the matching policy:


diagnose firewall iprope lookup <src ip> <src port> <dst ip> <dst port> <protocol> <Incoming_interface>

 

Note 1: In FortiOS v7.4 or higher, the policy ID is automatically shown after the policy name:

 

policy id.PNG

 

Note 2: In FortiOS v7.4 or higher, the policy can be searched using the comment description. For this to work, ensure that the comment column is added to the GUI policy page; otherwise, search results will not return the matching policy.

 

Comment policy.jpg

 

Policy ID can also be configured manually from the GUI when Policy Advanced Options is enabled under Feature Visibility. FortiGate will assign a dynamic policy ID if it is left as 0.

 

To enable Policy Advanced Options from the CLI:

 

config system settings
    set gui-advanced-policy enable
end

 

 

 Policy ID.PNG

 

Related video:

How to Find Policy ID

Comments
rtichkule
Staff

Useful article.