Hi,
I am aware that to view a specific policy ID from the command line, I will need to type in "show firewall policy <policy ID>", but how do I view all the policies specific to an interface? e.g. source port - port1 and destination port10; I need to view all the policies under this from the CLI.
Anand
This functionality is only available in the GUI. One workaround would be to get the IDs from the GUI section display and call them up one after another in the CLI, e.g.
show firewall policy <nn>
Thanks to your question I found out that one can call the 'show' command with a policy ID - didn't notice in the last 10 years...
As per ede's post the GUI would be the way to go.
You can show policies in the CLI and filter using grep, but that would only filter if the source or destination interface was port1.
You could use an OR grep for port1 or port10, but again it would show all policies where either port1 or port10 is used in source or destination interface.
FYI to do this you would use the following:
config firewall policy
show | grep -f 'port1\|port10'
@neonbit: grep will only filter the lines with 'set dstintf' and 'set srcintf', not the whole block. I doubt this will suffice.
I know this is old, but it might help someone who is reading this:
ede_pfau wrote: @neonbit: grep will only filter the lines with 'set dstintf' and 'set srcintf', not the whole block. I doubt this will suffice.
If you use "show firewall policy | grep -B10 -A10 -f 'port1\|port10'"
it will show the 10 lines before and after the interfaces. This can be handy to see the entire block; alternatively you could just use the -B10, which would end up showing you the policy ID, and then use the OP's syntax to view the whole policy. Hope this helps.
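The grep approaches above match single lines, so the reader still has to recover which policy block a 'set srcintf' line belongs to. The following is an added example (not code from this thread or from Fortinet) that parses the text of "show firewall policy" into whole policy blocks and filters them by source and destination interface. The policy output it works on is a constructed sample, and the function names are my own.

```python
import shlex
from dataclasses import dataclass, field

# Constructed sample of "show firewall policy" output; not captured from a real unit.
SAMPLE = """\
config firewall policy
    edit 1
        set name "lan-to-wan"
        set srcintf "port1"
        set dstintf "port10"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 2
        set name "wan-to-lan"
        set srcintf "port10"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
    next
    edit 3
        set name "lan-to-dmz"
        set srcintf "port1" "port3"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
"""


@dataclass
class Policy:
    """One 'edit <id> ... next' block. settings maps a key to its list of values,
    because interface and address keys can carry several quoted values."""
    pid: int
    settings: dict = field(default_factory=dict)

    def values(self, key):
        return self.settings.get(key, [])

    def render(self):
        # Re-emit the block in the CLI's own layout so the whole policy is visible.
        lines = [f"    edit {self.pid}"]
        for key, vals in self.settings.items():
            lines.append(f"        set {key} " + " ".join(f'"{v}"' for v in vals))
        lines.append("    next")
        return "\n".join(lines)


def parse_policies(text):
    """Split CLI output into Policy objects. Lines outside edit/next are ignored."""
    policies, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tokens = shlex.split(line)  # strips the double quotes FortiOS puts around values
        if tokens[0] == "edit" and len(tokens) == 2:
            current = Policy(int(tokens[1]))
        elif tokens[0] == "next":
            if current is not None:
                policies.append(current)
            current = None
        elif tokens[0] == "set" and current is not None and len(tokens) >= 3:
            current.settings[tokens[1]] = tokens[2:]
    return policies


def policies_between(policies, src, dst):
    """Policies whose srcintf includes src AND dstintf includes dst (the OP's question)."""
    return [p for p in policies if src in p.values("srcintf") and dst in p.values("dstintf")]


def policies_using(policies, iface):
    """Policies that reference iface in either direction (what a plain grep would match)."""
    return [p for p in policies if iface in p.values("srcintf") or iface in p.values("dstintf")]


if __name__ == "__main__":
    pols = parse_policies(SAMPLE)
    for p in policies_between(pols, "port1", "port10"):
        print(p.render())
```

Paste the output of "show firewall policy" into a file and pass its contents to parse_policies; the dataclass keeps every 'set' line, so nothing is dropped the way the GUI summary drops uncommon settings.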
Lol! I see I'm not the only one still learning things here. ;)
ede_pfau wrote: This functionality is only available in the GUI. One workaround would be to get the IDs from the GUI section display and call them up one after another in the CLI, e.g.
show firewall policy <nn>
Thanks to your question I found out that one can call the 'show' command with a policy ID - didn't notice in the last 10 years...
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Yep, I use what bstevens does, almost daily if I might add.
So much quicker (than the GUI), and the problem with the WebGUI: "the WebGUI does NOT show you all items for that policy ID. Just the common items."
More and more FortiGate engineers do not know that and are missing other items that might be enabled, imho.
PCNSE
NSE
StrongSwan
So is it not possible to delete a policy unless you know the id?
Correct, you need to know the policy ID, and no warning or confirmation is given. Know what you're doing before you issue delete.
Ken Felix
PCNSE
NSE
StrongSwan
Maybe the below context helps:
show firewall policy | grep -f port1