Steven_Lengua
New Contributor

Check Where Firewall Objects are Used

I'm a Checkpoint Firewall guy. Yes, I know this is the wrong way to start a Fortinet forum post...haha. In the Checkpoint Firewall you could right click on a firewall object and it would show you where in the policy this object is used. Is there an equivalent feature within the Fortinet Fortigate 600C? I have a list of firewall objects but have to dig through the policy to see where the objects are used. Yeppers, I'm new to Fortinet. Thanks!

CAlengua

Christopher_McMullan

Hello Steven,

Whoever owned a firewall before Fortinet was founded needed to start at some point by saying "I'm a [other vendor] guy". No worries there.

Most object pages in the GUI (addresses, VIPs, schedules, etc.) can have a column added to show References. Clicking on these hyperlinks will show you which policies and other objects reference each other.

There is a way to view the same information in the CLI, though there isn't a full table of possible values, AFAIK. The syntax for me has been guesswork:

diag sys checkused path.object.mkey

For example, for the WAN1 interface on one of my firewalls:

FortiMcWiFi # diag sys checkused system.interface.name wan1
entry used by table system.interface:name 'FCT_IPSec'
entry used by table system.interface:name 'FortinetVPN'
entry used by child table dashboard:id '43' of table system.admin:name 'admin'
entry used by child table monitor-interface:interface-name 'wan1' of table system.ddns:ddnsid '1'
entry used by complex system.modem:interface
entry used by table vpn.ipsec.phase1:name 'policy_test'
entry used by table vpn.ipsec.phase1-interface:name 'FCT_IPSec'
entry used by table vpn.ipsec.phase1-interface:name 'FortinetVPN'
entry used by table firewall.vip:name 'McPLEX_TCP'
entry used by table firewall.vip:name 'McPLEX_UDP'
entry used by table firewall.vip:name 'PBX - HTTP_XML'
entry used by table firewall.vip:name 'PBX - SIP'
entry used by table firewall.vip:name 'PBX - TFTP'
entry used by table firewall.vip:name 'RTP - 6100'
entry used by table firewall.vip:name 'RTP - 6102'
entry used by table firewall.vip:name 'RTP - 6104'
entry used by table firewall.vip:name 'RTP - 6106'
entry used by table firewall.vip:name 'RTP - 6108'
entry used by table firewall.vip:name 'RTP - 6110'
entry used by table firewall.vip:name 'RTP - 6112'
entry used by table firewall.vip:name 'RTP - 6114'
entry used by table firewall.vip:name 'michael_rdp'
entry used by table firewall.vipgrp:name 'McPLEX_VIP'
entry used by table firewall.vipgrp:name 'PBX'
entry used by child table srcintf:name 'wan1' of table firewall.policy:policyid '31'
... etc.

Regards, Chris McMullan Fortinet Ottawa
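For auditing where an object is referenced before changing or removing it, the checkused output quoted above can be parsed into structured records. This is an added example, not part of the original post or any Fortinet tooling; the function names are hypothetical, the sample lines are copied from the output above, and the three line shapes are assumed from that output only.

```python
import re
from collections import defaultdict

# Sample lines copied from the "diag sys checkused" output quoted in the post.
SAMPLE = """\
entry used by table system.interface:name 'FCT_IPSec'
entry used by child table dashboard:id '43' of table system.admin:name 'admin'
entry used by complex system.modem:interface
entry used by table firewall.vip:name 'PBX - SIP'
entry used by table firewall.vipgrp:name 'PBX'
entry used by child table srcintf:name 'wan1' of table firewall.policy:policyid '31'
"""

REF = r"(?P<{0}>[\w.-]+):(?P<{1}>[\w-]+)"
PATTERNS = [  # assumption: only these three shapes occur, as seen in the post
    ("child", re.compile(r"^entry used by child table " + REF.format("child", "ckey")
                         + r" '(?P<cvalue>.*?)' of table "
                         + REF.format("table", "key") + r" '(?P<value>.*)'$")),
    ("table", re.compile(r"^entry used by table "
                         + REF.format("table", "key") + r" '(?P<value>.*)'$")),
    ("complex", re.compile(r"^entry used by complex "
                           + REF.format("table", "key") + r"$")),
]

def parse_checkused(text):
    """Return (refs, unparsed); unknown lines are kept, never silently dropped."""
    refs, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for kind, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                # strip() tolerates stray spaces inside the quotes from copy/paste
                refs.append({"kind": kind,
                             **{k: v.strip() for k, v in m.groupdict().items()}})
                break
        else:
            unparsed.append(line)
    return refs, unparsed

def group_by_table(refs):
    """Map each referencing table to the entries (or attribute) that use the object."""
    by_table = defaultdict(list)
    for r in refs:
        by_table[r["table"]].append(r.get("value", r["key"]))
    return dict(by_table)
```

Anything returned in `unparsed` should be read by hand before treating an object as unreferenced, since other FortiOS builds may print line shapes not covered here.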

jorge9090
New Contributor

Go to the Firewall objects and enable the "Ref." column; there you will see where it is used.
rwpatterson
Valued Contributor III

Technically, it will show you in how many places it's used. When you drill further down (click on the link), it will tell you where it's being used.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Steven_Lengua
New Contributor

Awesome!! These suggestions are just what I needed. The reference column did the trick. Think I'm starting to like this firewall.

CAlengua

bommi

Buy a FortiManager and you will get your "Where used" feature ;)

NSE 4/5/7
