Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FlashOver
New Contributor

Created on ‎02-16-2012 05:52 AM

Filter Firewall rules on CLI which match a filter

Hi. When I make a " show firewall policy" on CLI, I will see all rules like they are ordered. But, when I have to make some changes on some special rules, it will take a long time on cli to sort them out to know there ID. Otherwise I could do so by using a search option within a editor like notepad++ across the complete configuration file but that is not a good solution. Is it possible to show all firewall policies which match a filter? For example. show firewall policy | includes srcint wan1 Is something like that possible? I tried commands like | grep, begin and something like that I know from other vendors but nothing worked. Can somebody tell me, if there are some hidden filter commands for the output available?
3913
0 Kudos
7 REPLIES 7
ede_pfau
SuperUser
SuperUser

Created on ‎02-16-2012 07:21 AM 

 conf firewall policy
 show | grep anything
This works in 4.2.10. I don' t know exactly when Fortinet introduced the ' grep' command but I think it' s from 4.2 on. It' s documented in the 4.2 CLI Guide, last chapter, under ' get' . grep Options: ' -i' case-insensitive, ' -v' invert results and the search pattern may be a Regular Expression.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
3389
0 Kudos
FlashOver
New Contributor

Created on ‎02-16-2012 07:36 AM

I will have a look to the cli reference guide at the get section and will try what i " get" thank you very much for your fast response
3389
0 Kudos
rwpatterson
Valued Contributor III
In response to FlashOver

Created on ‎02-16-2012 08:46 AM

Not sure if this will help or not: I open the backup file, find what I want to change there, change it, and paste it back into the CLI window. Not quite what you' re looking for, but same effect.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
3389
0 Kudos
FlashOver
New Contributor

Created on ‎02-16-2012 12:25 PM

When I think on a customer Firewall with more then 3000 policy rules, I think that can not bet handled this way with 50 changes per day per device. At the moment a checkpoint.
3389
0 Kudos
rwpatterson
Valued Contributor III
In response to FlashOver

Created on ‎02-16-2012 12:42 PM

ORIGINAL: FlashOver When I think on a customer Firewall with more then 3000 policy rules, I think that can not bet handled this way with 50 changes per day per device. At the moment a checkpoint.
3000 policies? 50 changes per day? that seems to me more like either bad planning or a really micro-managing boss.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
3389
0 Kudos
FlashOver
New Contributor

Created on ‎02-17-2012 02:09 AM

That' s one of the biggest customers from CheckPoint in Europe which is growing and growing and growing. New Applications, new servies, new regions, new special networks and dmz... a lot of work for hundrets for firewall clusters.
3389
0 Kudos
FortiRack_Eric
New Contributor III

Created on ‎02-20-2012 05:06 AM

In the gui you have some nice features to select the firewall rules you' ll need and changed. Bare in mind that in the standard view the policies are ordered based on source and destination interface that in essence already orders the gui and is not so messy as the checkpoint interface. There is also global view in the Fortigate and basically then you have your messy checkpoint interface. It was made on purpose for old checkpoint users to make them feel at home after a migration.

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
3389
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.