- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Section view is currently Disabled
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Section view is currently Disabled
How can we easily identify that which ploicy creating problem.
I am not using policy with "any" interface. Plz help
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi IFT,
It's *possible* it got disabled in the global...
config system global
set gui-policy-interface-pairs-view enable
end
It's not just the 'ANY' interface that can cause this, however. Combining two interfaces into one rule will also break section view (a super silly example: you have your WAN and DMZ listed as the Source or destination, of a rule).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ShrewLWD wrote:Hi IFT,
It's *possible* it got disabled in the global...
config system global
set gui-policy-interface-pairs-view enable
end
It's not just the 'ANY' interface that can cause this, however. Combining two interfaces into one rule will also break section view (a super silly example: you have your WAN and DMZ listed as the Source or destination, of a rule).
Hello Shrew,
this command is not working in CLI mode, version of FortiGate 100D is v5.0,build4429.
There are no such type of rule or policy in Firewall as you said ((a super silly example: you have your WAN and DMZ listed as the Source or destination, of a rule). Give me some examples or trick to search conflict rules.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmm, yes I tested on my 600C (509) and 100D (521) and that command is now gone. It's still listed here in their 5.0 documentation...
http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/gui.070.14.html
Well, you could dump the config file and check the policy section for something like;
set srcintf "WAN1" "WAN2"
or
set dstintf "internal" "DMZ"
etc.
Please note: around patch 6 of 5.0 they did explicitly make a change to the Section View:
To improve GUI performance, Section View is disabled in the firewall policy page if a large number of policies exist
Do you have a high number of policies?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ShrewLWD wrote:Hmm, yes I tested on my 600C (509) and 100D (521) and that command is now gone. It's still listed here in their 5.0 documentation...
http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/gui.070.14.html
Well, you could dump the config file and check the policy section for something like;
set srcintf "WAN1" "WAN2"
or
set dstintf "internal" "DMZ"
etc.
Please note: around patch 6 of 5.0 they did explicitly make a change to the Section View:
To improve GUI performance, Section View is disabled in the firewall policy page if a large number of policies exist
Do you have a high number of policies?
Hello Shrew,
FortiGate have only 53 Policies. Can you check remotely our Firewall Policies.
My GMAIL id id kuldeepsingh007ster@gmail.com , Ping me on this id or you can share you Gmail id where i will give Firewall access through Teamviewer.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you do not want to load an unencrypted backup of the config file into a text editor and perform the search yourself, you can always type show firewall policy on the CLI.
For a quick search to see if there are multiple interface names used in the config, type on the CLI the following...
show full | grep srcintf and
show full | grep dstintf
edit: you can also use show firewall policy | grep -f <interface name> (e.g. show firewall policy | grep -f wan1)
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey ift,
I'm sorry, but being able to assist directly is not something I am comfortable doing.
You may want to open a ticket with Fortinet TAC so they can take a look (assuming it is registered and has an active contract).
Please do not accept an invitation from anyone claiming to be me, on your gmail account.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Multiple interfaces in a policy are only allowed in FOS v5 and higher.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Fortinetclient SSL VPN Unable to use... 261 Views
- Wireless NAC limitations with FortiGate 40F... 130 Views
- Stuck on Connecting after clicking the... 276 Views
- What da heck is going on... 263 Views
- Strange Problem with SD WAN -... 208 Views
Labels
-
FortiGate
7,124 -
FortiClient
1,405 -
5.2
801 -
5.4
639 -
FortiManager
616 -
FortiAnalyzer
453 -
6.0
416 -
FortiAP
373 -
FortiSwitch
369 -
5.6
362 -
FortiClient EMS
290 -
FortiMail
280 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
6.4
128 -
FortiNAC
126 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
101 -
FortiGateCloud
96 -
FortiSIEM
92 -
FortiCloud Products
88 -
FortiToken
76 -
Customer Service
72 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
48 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
39 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiExtender
34 -
FortiSandbox
33 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
LDAP
18 -
Interface
18 -
FortiSwitch v6.2
17 -
VDOM
17 -
FortiMonitor
15 -
Authentication
15 -
Routing
15 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
RADIUS
12 -
NAT
12 -
FortiCASB
12 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSL SSH inspection
10 -
SSO
10 -
FortiRecorder
10 -
Application control
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
OSPF
7 -
Web application firewall profile
7 -
4.0
7 -
Admin
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
IPS signature
5 -
Packet capture
5 -
Automation
5 -
DNS Filter
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiCache
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Web rating
4 -
Fabric connector
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Fortinet Engage Partner Program
3 -
Traffic shaping profile
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1059 | |
| 882 | |
| 523 | |
| 441 | |
| 147 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.