Not applicable

How to move a policy in the policy list from a CLI.

Hi,

The official document says the following:

*****************************************
Rearranging policies

Moving a policy in the firewall policy list does not change its ID, which only indicates the order in which the policy was created.

To move a policy in the policy list
1 Go to Firewall > Policy > Policy.
2 In the firewall policy list, note the ID of a firewall policy that is before or after your intended destination.
3 Select the row corresponding to the firewall policy you want to move and select Move.
4 Select Before or After, and enter the ID of the firewall policy that is before or after your intended destination. This specifies the policy's new position in the firewall policy list.
5 Select OK.
*****************************************

How do I move a policy in the policy list from the CLI?

Regards,
okumura
ede_pfau
SuperUser

Hi,
 config firewall policy
 move <id1> before|after <id2>
After typing 'config firewall policy', type '?'. You get the commands available. After 'move', type '?'. You get the policy IDs. ...you get the notion. '?' is your friend.
Ede Kernel panic: Aiee, killing interrupt handler!
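The `move <id1> before|after <id2>` syntax from the answer above, generalized into an added example (not code from the posters or from Fortinet): given the current policy order and the order you want, it plans a short list of `move` commands and checks the plan by simulating it. The function names are hypothetical, and the current order is assumed to have been read off the unit by the operator.

```python
"""Plan FortiGate 'move' commands to reach a desired policy order (added example)."""

def _lis_indices(ranks):
    """Indices of one longest increasing subsequence of ranks (O(n^2) DP)."""
    n = len(ranks)
    length, prev = [1] * n, [-1] * n
    for i in range(n):
        for j in range(i):
            if ranks[j] < ranks[i] and length[j] + 1 > length[i]:
                length[i], prev[i] = length[j] + 1, j
    i = max(range(n), key=length.__getitem__, default=-1)
    keep = set()
    while i != -1:
        keep.add(i)
        i = prev[i]
    return keep

def plan_moves(current, desired):
    """Return 'move <id1> before|after <id2>' lines turning current into desired."""
    if len(set(current)) != len(current) or sorted(current) != sorted(desired):
        raise ValueError("current and desired must hold the same unique policy IDs")
    rank = {pid: i for i, pid in enumerate(desired)}
    # Policies already in the right relative order stay put; only the rest move.
    keep = {current[i] for i in _lis_indices([rank[p] for p in current])}
    working, moves = list(current), []
    for i, pid in enumerate(desired):
        if pid in keep:
            continue
        working.remove(pid)
        if i == 0:
            moves.append(f"move {pid} before {working[0]}")
            working.insert(0, pid)
        else:
            anchor = desired[i - 1]  # already in its final relative position
            moves.append(f"move {pid} after {anchor}")
            working.insert(working.index(anchor) + 1, pid)
    if working != list(desired):  # the moves were simulated; refuse a wrong plan
        raise RuntimeError("plan does not reach the desired order")
    return moves

def cli_script(current, desired):
    """Wrap the planned moves in the config block typed at the CLI."""
    body = [f"    {m}" for m in plan_moves(current, desired)]
    return "\n".join(["config firewall policy", *body, "end"])

if __name__ == "__main__":
    # Constructed sample: policy 5 was created last but must sit at the top of the list.
    print(cli_script([1, 2, 3, 4, 5], [5, 1, 2, 3, 4]))
```

Because moving a policy does not change its ID, the IDs in the generated commands stay valid from one `move` to the next.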
Not applicable

Hi ede,

I could find the 'move' command after typing '?'. Thank you for your help.

But... in the document of v2_80 (http://ftp.tc.edu.tw/conference/product/wp_FortiGate_v2_80_cli_ref_guide.pdf), the "show" or "move" command is mentioned as below.

*************************
□policy

Use this command to add, edit or delete firewall policies. Firewall policies control all traffic passing through the FortiGate unit. Firewall policies are instructions used by the FortiGate unit to decide what to do with a connection request. The policy directs the firewall to allow the connection, deny the connection, require authentication before the connection is allowed, or process the packet as an IPSec VPN packet.

Command syntax pattern
 config firewall policy
  edit <id_integer>
   set <keyword> <variable>
 config firewall policy
  edit <id_integer>
   unset <keyword>
 config firewall policy
  delete <id_integer>
 config firewall policy
  move <id_integer> {after <id_integer> | before <id_integer>}
 get firewall policy [<id_integer>]
 show firewall policy [<id_integer>]
*************************

But in 4.0MR2 (http://docs.fortinet.com/fgt40mr2.html), the "show" or "move" command is not mentioned. See below...

*************************
□policy, policy6

Use this command to add, edit, or delete firewall policies. Firewall policies control all traffic passing through the FortiGate unit. Firewall policies are instructions used by the FortiGate unit to decide what to do with a connection request. The policy directs the firewall to allow the connection, deny the connection, require authentication before the connection is allowed, or apply IPSec or SSL VPN processing.

Note: If you are creating an IPv6 policy, some of the IPv4 options, such as NAT and VPN settings, are not applicable.

Syntax
 config firewall policy, policy6
  edit <index_int>
   set action {accept | deny | ipsec | ssl-vpn}
   set application {enable | disable}
   set auth-cert <certificate_str>
   ・・・
   ・・・
   ・・・
*************************

Why did Fortinet delete those commands from the current document?
ede_pfau
SuperUser

Look at this, from v4.00 MR2 patch 7 (b324):
 gate # conf fi policy 
 
 gate (policy) # 
 edit      add/edit a table value
 delete    delete a table value
 purge     clear all table value
 move      move an ordered table value
 clone     clone a table entry
 get       get dynamic and system information
 show      show configuration
 end       end and save last config
 
The commands still are there. Try again - type 'config firewall policy', RETURN, and then '?'.
Ede Kernel panic: Aiee, killing interrupt handler!