Bulk Reorder Policies

dwear · ‎07-12-2018

Is there a way to bulk reorder policies? I'm importing numerous policies into an existing firewall, and I'd like for them to be at the top. I know they will by default get input at the bottom. Is there a way to make them insert at the top, or is there a way to bulk move all policy id 100-200 before policy id 10?

tanr · ‎07-12-2018

You can use CLI to move one policy in front of another. The CLI manual section on firewall policy has the details. See https://forum.fortinet.com/tm.aspx?m=125508 for an example. Format is something like:

config firewall policy

move <policyid> {after | before} <policyid>

You could write a script to do something like this, but I'd be pretty leery of that -- a small error in the script could make for major problems.

If you're entering policies through the GUI you can always right click an existing policy and choose to insert a new one above or below it.

emnoc · ‎07-12-2018

Agreed

I would not want to bulk move policies. You could do a loop script and have the policies add before xyz, just make backups before and do a diff b4|after of the changes.

Alternative when you build policies the FMG would be ideal. You set a mask policy and in your batch scripts, you config firewall policy

edit 12001

bla blah

end

# get the new id as a double check

move 12001 before <9>

end

You run a small csv.file which tracks the last used <id#> and date and the next script run, will take the value at the bottom of the csv,file and +1 and repeat the process.

That's how I've done it in the past for the FortiOS and with a few other devices like PANOS where the system epoch time was used as name, since time is always increasing. You will never have a conflict and you always move the policy b4 the place holder.

Ken

PCNSE

NSE

StrongSwan

Bulk Reorder Policies

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website