Created on 03-30-2023 12:01 AM Edited on 11-26-2024 05:26 AM By Jean-Philippe_P
This article explains how to find the IPv4 policy ID for troubleshooting.
FortiGate.
Navigate to Policy and Objects -> Firewall Policy. Select the gear icon and select 'ID' as shown below. A new 'ID' column appears on the right, showing the policy ID of each policy.
It is also possible to see the policy ID indicated in each policy in the top right corner when editing it.
Refer to the image below:
The policy ID can also be seen from the CLI.
Open the CLI console and type the command below:
show firewall policy
The above snapshot shows that the policy ID is '3' for the 'vpn_Test_remote_0' policy.
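When the policy list is long, the saved output of 'show firewall policy' can be searched offline. The following is an added example, not code from this article or from Fortinet: it parses that output into a policy ID lookup. The sample text is constructed (only the policy name 'vpn_Test_remote_0' and ID '3' come from this article), and it assumes each policy is a flat 'edit <id>' ... 'next' block with single-line 'set' values.

```python
import re
import shlex

# Constructed sample of `show firewall policy` output (not from a real device).
# Interface names and policy 1 are assumptions made for illustration.
SAMPLE_OUTPUT = '''\
config firewall policy
    edit 1
        set name "lan_to_wan"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
    next
    edit 3
        set name "vpn_Test_remote_0"
        set srcintf "vpn_Test"
        set dstintf "port2"
        set action accept
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {option: [values]}} from `show firewall policy` text."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = re.fullmatch(r"edit (\d+)", line)
        if match:
            # A new policy block starts; its number is the policy ID.
            current = policies.setdefault(int(match.group(1)), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            # shlex handles quoted values that contain spaces.
            key, *values = shlex.split(line[4:])
            current[key] = values
    return policies

def policy_id_by_name(policies, name):
    """Return the ID of the policy with this name, or None if there is no match."""
    for pid, opts in policies.items():
        if opts.get("name") == [name]:
            return pid
    return None

if __name__ == "__main__":
    for pid, opts in sorted(parse_policies(SAMPLE_OUTPUT).items()):
        print(pid, opts.get("name", ["(unnamed)"])[0])
```
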
It is also possible to use the command below in the CLI to find the matching policy:
diagnose firewall iprope lookup <src ip> <src port> <dst ip> <dst port> <protocol> <Incoming_interface>
Note 1: In FortiOS v7.4 or higher, the policy ID is automatically shown after the policy name:
Note 2: In FortiOS v7.4 or higher, the policy can be searched using the comment description. For this to work, ensure that the comment column is added to the GUI policy page; otherwise, search results will not return the matching policy.
Policy ID can also be configured manually from the GUI when Policy Advanced Options is enabled under Feature Visibility. FortiGate will assign a dynamic policy ID if it is left as 0.
To enable Policy Advanced Options from the CLI:
config system settings
set gui-advanced-policy enable
end