Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Eric_Robinson
New Contributor

Config firewall policy via the CLI question

I have several firewalls which need new policies. I have opted to learn the CLI commands to make the job faster and easier. Unfortunately the firewall policy names are numbers; therefor, without knowing which numbers are already used by policies...what would be the best way to add a policy name? Is there a feature to have the CLI automatically assign the next available policy number? Then supposing that is done successfully. What if I wanted to move the policy to the top of its section? It almost seems like I need to come up with a script to query the Fortinet perhaps with Get commands so that these topics can be dynamically created. Thanks
4 REPLIES 4
Carl_Wallmark
Valued Contributor

Hi, You use: edit 0 Then it will take the next available number.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Eric_Robinson
New Contributor

Much thanks
emnoc
Esteemed Contributor III

One suggestion, you might want NOT to select the next number. remember fwolicies ordering is determinantal in a proper security architect. just my 2 cts

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
rwpatterson
Valued Contributor III

ORIGINAL: Eric Robinson I have several firewalls which need new policies. I have opted to learn the CLI commands to make the job faster and easier.
I don' t agree with the faster part. Easier, yes if you are familiar with the commands, and know the correct address entities, interfaces, etc. My spare change

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Labels
Top Kudoed Authors