FortiGate
ydong01
Staff
Article Id 353993
Description This article describes two ways to use the FortiGate REST API to find unused firewall policies (policies with a hit count of 0), which is a common IT audit requirement.
Scope FortiGate.
Solution

In the FortiGate firewall policy default view there is no Hit Count column. It looks like this:

[Screenshot: normal-policy.PNG]

Select Configure Table and add the Hit Count column. After that, the firewall policy table looks like this:

[Screenshot: add-hitcount.PNG]

A policy with a hit count of 0 has not matched any traffic, which is what an IT audit normally treats as "not in use". Reviewing the table by hand, however, is impractical when the policy table is large. Note also that hit counters are not persistent across a reboot and can be cleared manually, so a hit count of 0 only shows that nothing matched since the counter was last reset; make sure the counters have been running for a long enough window before treating a policy as unused.

 

There are two ways to retrieve the same hit count data through the REST API, which is useful when the audit is scripted.

 

Example:

In the example below, firewall policy 1 is in use and firewall policy 2 has a hit count of 0, which means it is not in use and can be deleted (after confirming the counter has been running long enough).

  1. Use the browser: 

     https://<FortiGate IP>/api/v2/monitor/firewall/policy/?vdom=Internet&access_token=<access token>

[Screenshot: hitcount-api.PNG]

 

  2. Use the CLI (curl):

curl -k -X 'GET' 'https://<FortiGate IP>:443/api/v2/monitor/firewall/policy/?vdom=Internet&access_token=<access token>' -H 'accept: application/json'

Two cautions for scripted use: -k disables certificate verification, so either trust the FortiGate certificate and drop -k or accept that the token can be captured by anyone who can intercept the connection; and a token carried in the URL query string ends up in browser history, proxy logs and shell history, so in scripts send it in an 'Authorization: Bearer <access token>' header instead, which FortiOS also accepts.

 

[Screenshot: hitcount-cli-1.PNG]

 

[Screenshot: hitcount-cli-2.PNG]

 

For more details, visit https://fndn.fortinet.net/.
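The following script automates the audit described above: it queries the same monitor endpoint, joins the result with the policy names from the CMDB endpoint, and lists every policy whose hit count is 0. It is an added example, not code from the Fortinet article. It assumes, beyond what the article states, that the monitor response is a JSON object with a "results" list whose entries carry "policyid", "hit_count" and "last_used", that /api/v2/cmdb/firewall/policy returns "policyid" and "name" per policy, and that the FortiGate accepts the token in an Authorization: Bearer header. The sample responses embedded in the script are constructed, not captured from a device.

```python
"""Find unused FortiGate firewall policies (hit count 0) via the REST API.

Added example, not part of the Fortinet article. Assumptions (not stated in
the article): the monitor endpoint's JSON has a "results" list whose entries
carry "policyid", "hit_count" and "last_used"; the CMDB endpoint
/api/v2/cmdb/firewall/policy lists "policyid" and "name"; the FortiGate
accepts the token in an "Authorization: Bearer" header.
"""
import json
import ssl
import urllib.request


def find_unused(monitor_results, names=None, skip_implicit_deny=True):
    """Return a sorted list of (policyid, name, last_used) for policies whose
    hit_count is 0. Policy ID 0 is the implicit deny rule; it is skipped by
    default because it is never a candidate for deletion."""
    names = names or {}
    unused = []
    for entry in monitor_results:
        pid = int(entry.get("policyid", -1))
        if skip_implicit_deny and pid == 0:
            continue
        if int(entry.get("hit_count", 0)) == 0:
            # last_used of 0 means the counter has never recorded a match.
            unused.append((pid, names.get(pid, "<unnamed>"), entry.get("last_used") or None))
    return sorted(unused)


def policy_names(cmdb_results):
    """Map policyid -> name from the CMDB policy listing."""
    return {int(p["policyid"]): p.get("name", "") for p in cmdb_results}


def fetch_json(host, path, token, vdom, cafile=None):
    """GET a FortiGate API path and return the parsed JSON.

    The token goes in a header, not the query string, so it does not land in
    proxy or browser logs. Pass cafile=<CA that signed the FortiGate cert> to
    verify the certificate instead of disabling verification like curl -k."""
    url = f"https://{host}{path}?vdom={vdom}"
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/json",
    })
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)


# Constructed sample responses in the assumed layout (not captured from a device).
SAMPLE_MONITOR = {"results": [
    {"policyid": 0, "hit_count": 0, "last_used": 0},
    {"policyid": 1, "hit_count": 4821, "last_used": 1729000000},
    {"policyid": 2, "hit_count": 0, "last_used": 0},
    {"policyid": 3, "hit_count": 12, "last_used": 1728990000},
]}
SAMPLE_CMDB = {"results": [
    {"policyid": 1, "name": "lan-to-internet"},
    {"policyid": 2, "name": "guest-wifi-old"},
    {"policyid": 3, "name": "dmz-to-lan"},
]}


def audit(host=None, token=None, vdom="Internet", cafile=None):
    """Run against a live FortiGate when host and token are given, otherwise
    against the constructed sample data."""
    if host and token:
        mon = fetch_json(host, "/api/v2/monitor/firewall/policy/", token, vdom, cafile)
        cmdb = fetch_json(host, "/api/v2/cmdb/firewall/policy/", token, vdom, cafile)
    else:
        mon, cmdb = SAMPLE_MONITOR, SAMPLE_CMDB
    return find_unused(mon["results"], policy_names(cmdb["results"]))


if __name__ == "__main__":
    for pid, name, last_used in audit():
        print(f"policy {pid} ({name}): hit_count 0, last_used={last_used}")
```

Run it with no arguments to see the sample result, or call audit("<FortiGate IP>", "<access token>", vdom="Internet", cafile="fortigate-ca.pem") for a live device. Treat the output as a candidate list, not a deletion list: cross-check last_used against the time the counters were last reset before removing anything.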
