Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
azamwuzere
New Contributor

[SOLVED]Sequence ID information in backup config file

Hi All,

 

I'm looking for sequence ID information in backup config file. Reading through the config file, I'm yet to find the sequence ID information, only policy ID. Example as per below:

 

;---snip---

config firewall policy     edit 46         set srcintf "port3"         set dstintf "port1"         set srcaddr "Proxy group"         set dstaddr "all"         set action accept         set status disable         set schedule "always"         set service "HTTP" "HTTPS"         set logtraffic all         set comments "Rules 0006753"         set nat enable     next     edit 39         set srcintf "port3"         set dstintf "port1"         set srcaddr "direct_int" "M_PC"         set dstaddr "all"         set action accept         set schedule "always"         set service "HTTPS" "HTTP" "ALL_ICMP"         set logtraffic all         set nat enable     next

;---snip---

 

As far as I can confirm that the number after edit, e.g  "edit 39", which is 39 is indeed policy id. Is there is any way that I can extract mapped sequence id to policy ID?. I know that I can get this information from web GUI but I'm trying to automate things using CLI.

 

Btw, I'm exporting sys_config file using SCP.

 

Any inputs on this is highly appreciated. Thank you.

4 REPLIES 4
ede_pfau
SuperUser
SuperUser

Well, the sequence ID is not stored anywhere, it's computed/counted when the policy table is displayed. And it doesn't really matter as any operation on policies needs the ID as reference, not the sequence number.

Except for, that the effect of a policy depends on it's place in the sequence.

Intrinsically, the seq. no is given by the sequence of policies in the backup file - the policies are not ordered by ID in the config.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
azamwuzere

Hi ede_pfau,

 

Thank you for your reply. So it is confirmed that there are no sequence ID on plain sight in config file. Looking at the sequence of policies in the config file it is also not directly the same with the sequence in web GUI. 

 

However there are some similarities but still I cannot deduct any algorithm or way to extract the information from config file to be as the same as web GUI information.

 

Any thought on this? Or am I missing some crucial information and/or it is technically cannot be done?

 

Thanks in advance.

Toshi_Esumi

You're probably watching at Section View in GUI. If you change it to Gobal View, it would match the order in the saved config.

azamwuzere

Hi All,

 

Thank you to Toshi Esumi, I finally able to correlate the sequence ID and rules position in the config file. It is indeed same in Global View.

 

Thank you very much.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors