Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Steven_Lengua
New Contributor

Firewall Objects - Where used in Policy?

First day managing a Fortinet 600C Firewall coming from a Checkpoint world. I need to open some ports on a firewall object. I can find the object but not sure where in the policy this object is being used. How can I find where in the policy this object is used so I can see what ports are allowed out and edit if necessary. Thanks in advance. Fortinet rookie.

CAlengua

9 REPLIES
ede_pfau
SuperUser

Hi, and welcome to the forums. I find it quite interesting to see FW concepts clash. First thing, vocabulary differs. For me (as a FTNT user/partner), a 'firewall object' is an address, an address group, a service or service group, a schedule, or a NAT construct (either DNAT = VIP or SNAT = IP pool). All of these are obvious in a firewall policy, as many of them are mandatory. So I'd like to understand what you're after. Could you please give an example, or paraphrase your question? Might be I'm a bit dim, it's around midnight here...
Ede Kernel panic: Aiee, killing interrupt handler!
Steven_Lengua

Dim is exactly how you should describe me. So basically they would like to allow certain ports out on a specific object / server. I am trying to find where this object is in the policy. Since we have quite a few rules in the policy, I am trying to find out which rules this specific object is used in so I can allow those ports. Example - Customer X would like http and https allowed for a server called Ciscowireless. I see that there is an object for Ciscowireless but I do not know which policy rule this object is used in. Knowing the object is in the policy somewhere, is there an easy way to find out where?

CAlengua
emnoc
Esteemed Contributor III

Ede, in chkp just about everything is an object. OP, you need to find the fw policies for the object and review the services. In the GUI go to Firewall > Policy. Then you can filter on the object you're looking for, if you know it. Or maybe it might be better to dump the FortiGate configuration, run it through Word or vi (unix) and search for the object of interest. This will lead you to the fwpolicy IDs. Also you have firewall address objects that can be referenced in firewall policies. Bottom line, the WebGUI is very simple to manipulate and to search for items. I suggest you give it a stab or review one of the Fortinet video KBs.

PCNSE NSE StrongSwan
Steven_Lengua

I know the object. How do I filter on the main policy page? That's what I'm trying to figure out.

CAlengua
nathan_emerson

Steven, from the GUI, if you know the object and can find it listed under Firewall Objects > Addresses > Addresses or Firewall Objects > Addresses > Groups, you can use the Ref. link on the far right to list all references to that object (address/group). Cheers.
IShall
New Contributor

Also, if you are old-school you can locate objects through the CLI with the "diagnose sys checkused" command. E.g. if you want to find policies referencing host-x, then you can run diagnose sys checkused firewall.address.name 'host-x', which will show you every policy referencing that host. This can be used for any firewall object - firewall.address.name is just one of hundreds (do a "print tablesize" to see them). Regards,
FGT310B MR3 Patch 15 FMGR MR3 Patch 8
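Two of the approaches above, emnoc's "dump the configuration and search it for the object to get the policy IDs" and IShall's diagnose sys checkused, find the places where the object itself is named. An address that only reaches a policy as a member of an address group (or of a group nested in a group) shows up there as a reference from the group, and you then have to follow the group by hand. The script below is an added example, not code from this thread or from Fortinet: it parses a saved config dump (the output of show full-configuration written to a file) offline and lists every firewall policy that uses a given address directly or through any group containing it, with the policy's action and services, which is what the original question needs to answer "what ports are allowed out". The text in SAMPLE_CONFIG is constructed for illustration and trimmed to the relevant tables; the object names and policy IDs in it are made up.

```python
import shlex
import sys
from collections import defaultdict

# Constructed sample in FortiOS config-dump syntax, trimmed to the tables that
# matter here; the names and policy IDs are made up, not from any real device.
SAMPLE_CONFIG = """
config firewall addrgrp
    edit "Servers"
        set member "Ciscowireless" "Printer-LAN"
    next
    edit "All-Internal"
        set member "Servers"
    next
end
config firewall policy
    edit 12
        set name "internal-web-out"
        set srcaddr "All-Internal"
        set dstaddr "all"
        set action accept
        set service "HTTP" "HTTPS"
    next
    edit 13
        set srcaddr "Ciscowireless"
        set dstaddr "all"
        set action deny
        set service "ALL"
    next
    edit 14
        set srcaddr "Printer-LAN"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
end
"""


def parse_fortios_config(text):
    """Parse a config dump into {section: {edit name: {key: [values]}}}."""
    tables = defaultdict(dict)
    stack = []  # one [section, current edit] entry per open 'config' block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line)  # keeps quoted values with spaces intact
        cmd, args = words[0], words[1:]
        if cmd == "config":
            section = " ".join(args)
            if stack and stack[-1][1] is not None:  # nested table inside an edit
                section = f"{stack[-1][0]}/{stack[-1][1]}/{section}"
            stack.append([section, None])
        elif cmd == "edit":
            stack[-1][1] = args[0]
            tables[stack[-1][0]].setdefault(args[0], {})
        elif cmd == "set":
            section, entry = stack[-1]
            tables[section].setdefault(entry, {})[args[0]] = args[1:]
        elif cmd == "next":
            stack[-1][1] = None
        elif cmd == "end":
            stack.pop()
    return tables


def address_groups_containing(tables, name):
    """Every address group that holds `name`, following groups nested in groups."""
    groups = tables.get("firewall addrgrp", {})
    found, todo = set(), [name]
    while todo:
        target = todo.pop()
        for group, attrs in groups.items():
            if target in attrs.get("member", []) and group not in found:
                found.add(group)
                todo.append(group)
    return found


def policies_referencing(tables, address_name):
    """Policy ID -> summary for each policy using the address itself or a group holding it."""
    names = {address_name} | address_groups_containing(tables, address_name)
    hits = {}
    for policy_id, attrs in tables.get("firewall policy", {}).items():
        matched = {role: via for role in ("srcaddr", "dstaddr")
                   if (via := sorted(names & set(attrs.get(role, []))))}
        if matched:
            hits[policy_id] = {"name": attrs.get("name", [""])[0], "matched": matched,
                               "action": attrs.get("action", ["deny"])[0],  # FortiOS default
                               "service": attrs.get("service", [])}
    return hits


if __name__ == "__main__":
    # python3 find_refs.py <config dump> <address name>; with no arguments, runs the sample
    text = open(sys.argv[1]).read() if len(sys.argv) > 2 else SAMPLE_CONFIG
    target = sys.argv[2] if len(sys.argv) > 2 else "Ciscowireless"
    for policy_id, hit in sorted(policies_referencing(parse_fortios_config(text), target).items()):
        print(f"policy {policy_id} {hit['name']!r}: {hit['action']} "
              f"{' '.join(hit['service'])} matched {hit['matched']}")
```

On the sample, Ciscowireless is reported in policy 13 (named directly, deny) and in policy 12 (through Servers nested in All-Internal, accept HTTP HTTPS), while a plain text search for "Ciscowireless" in the dump would only have shown policy 13 and the group. The parser is deliberately generic: the same tables dictionary can be queried for service groups, VIPs or IP pools by changing the section and attribute names, which is the same idea as IShall's point that firewall.address.name is only one of many checkused tables.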
emnoc
Esteemed Contributor III

No, you're not dim, you're just used to Checkpoint methods. We will train you to upper-class FortiGate. Depending on FortiOS you might have something that's simpler. If the objects are address objects (similar to Checkpoint) there is a tab where you can see its references. See the attached screenshot and the far right rectangle. What I would do personally:
1: navigate in the WebGUI (it is very much user friendly, like chkpt)
2: learn your firewall-address objects (similar to chkpt LAN objects)
3: learn your services
4: learn your firewall policies
Then you will see how all are tied together and you will find the Fortinet method took some of the things from Checkpoint methods and improved on it. BTW Cisco did the same damn thing in the ASDM. All of this came from Checkpoint IMHO.

PCNSE NSE StrongSwan
emnoc
Esteemed Contributor III

BTW here's a service object (didn't know how to add 2 photos on one link); it shows the references to the firewall policies.

PCNSE NSE StrongSwan
ede_pfau
SuperUser

One hint from me on top: you can switch the firewall policy table view from section view (grouping by interface pairs) to 'global' with the controls in the upper right corner. Then a simple search in your browser (Firefox: Ctrl-F) will jump to the object's name IF it is actively used in a policy, and only IF all columns are visible ('column setup'). Sounds clumsy because of all the IFs, but in practice all relevant columns are shown anyway (source, dest, service). If you are looking for a VIP or an IP pool (NAT constructs) then searching might take a bit longer.
Ede Kernel panic: Aiee, killing interrupt handler!