FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vpalli
Staff
Staff
Description

This article provides information about how to display the sequence number of firewall policies in the order that they are arranged on GUI. The sequence number is different from the numeric ID given to the firewall policy.

When policies are moved up or down using drag and drop on GUI, the numeric ID of the firewall policies may be shown out of order or not in sequence.

Scope FortiGate.
Solution

Firewall policies created on FortiGate using GUI/CLI contain a numeric ID and every new firewall policy gets a number in ascending order fashion.

 

The output #diagnose firewall iprope list 100004 displays the Kernel iprope rules that are checked in sequence while processing end-user traffic to allow or deny the session.

 

#diagnose firewall iprope list 100004

policy index=45 uuid_idx=719 action=accept
flag (8050100): nat master use_src pol_stats
flag2 (1004000): resolve_sso ses-persistent
flag3 (a0): link-local best-route
schedule(always)
cos_fwd=255 cos_rev=255
group=00100004 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 6 -> zone(1): 6
source(1): 0.0.0.0-255.255.255.255, uuid_idx=500,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=500,
service(1):
[0:0x0:0/(0,65535)->(0,65535)] helper:auto

 

 

policy index=44uuid_idx=720 action=accept
flag (8050100): nat master use_src pol_stats
flag2 (1004000): resolve_sso ses-persistent
flag3 (a0): link-local best-route
schedule(always)
cos_fwd=255 cos_rev=255
group=00100004 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 41 -> zone(1): 6
source(1): 0.0.0.0-255.255.255.255, uuid_idx=500,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=500,
service(1):
[0:0x0:0/(0,65535)->(0,65535)] helper:auto


policy index=0 uuid_idx=1 action=drop
flag (8010800): d_rm master pol_stats
flag2 (4000): resolve_sso
flag3 (100): last-deny
schedule()
cos_fwd=0 cos_rev=0
group=00100004 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[0:0x0:0/(0,0)->(0,0)] helper:auto


The 'policy index' value indicates the numeric ID of the firewall policy and the 'uuid_idx' corresponds to the ordered sequence number of the firewall policy.
Contributors