Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Agent_1994
Contributor

iprope group ids and their meaning

Hello Forum

 

 I'm posting this because I'm trying to find a list of ipprope groups id and their meaning. So far I couldn't find anything and onl cross referenced some like these:

[ul]
  • 100000: virtual IPs or destination nat
  • 100004: IPv4 policies
  • 100015: traffic shapers.[/ul]

     But the list is way bigger:

     

    # diagnose firewall iprope state av_break=off/off av_conserve=off Alloc: iprope=137 shaper=13 user=168 nodes=8 pol=41 [...] total group number = 17 act=2 00004e20 00000001 00004e21 00100012 00004e22 00100003 00004e23 00000003 00100004 00000005 00000006 00000007 00000008 0010000a 0010000c 0010000e 0010000f

     Why am I doing this? Among other things, it makes easier to read stuff like "debug flow".

     

     Any hints? Thanks in advance.

     

  • 2 REPLIES 2
    darwin_FTNT
    Staff
    Staff

     

    ID_EXEMPT                        1

    VPN_DIALUP                       2

    AUTH_DEFAULT                     3

    EMAIL_PORTAL                     5

    DEVICE_PORTAL                    6

    ENDPOINT_PORTAL                  7

    BLK_NOTIF_PORTAL                 8

    VPNHUB                       0x100

    INTF_POLICY_BASE           0x50000

    INTF_POLICY_MAX            0x5FFFF

    DOS_POLICY_BASE            0x60000

    DOS_POLICY_MAX             0x6FFFF

    ACL_POLICY_BASE            0x70000

    ACL_POLICY_MAX             0x7FFFF

    DNAT                      0x100000

    IN                        0x100001

    STATIC_SNAT               0x100002

    DEC_FWD                   0x100003

    ENC_FWD                   0x100004

    AV                        0x100005

    IPSECNAT                  0x100007

    DNSTRANSLATE              0x100008

    NETBIOS                   0x100009

    MC_POLICY                 0x10000A

    EP_REDIR                  0x10000C

    CENTRAL_NAT               0x10000D

    IMPLICIT_IN               0x10000E

    ADMIN_IN                  0x10000F

    TTL_IN                    0x100011

    NAT_AF                    0x100012

    EXEMPT                    0x100013

    EXEMPT_DEFAULT            0x100014

    SHAPING                   0x100015

    SPLIT_BASE                0x200005

    SPLIT_MAX                 (SPLIT_BASE + 0x100000 - 1)

    enum {BASE_AV_GROUP_NUM = 20000};       // 0x00004e20

    Agent_1994

    darwin wrote:

     

    ID_EXEMPT                        1

    VPN_DIALUP                       2

    AUTH_DEFAULT                     3

    [...]

     Darwin, I owe you a whole truck of beer (or a beverage of your choice :) ). Thanks.