Works with IPv4 & IPv6 local-in policies.
Can auto-run when imported as Userscript.
Purely reads and shows the config, not touching it.
If you use it, please write a comment or click the Kudo button.
Show custom local-in policies in FortiGate's WebUI with just a click!
Result:
Copy & paste into a bookmark:
javascript:(async function(){const ip4=await fetch('/api/v2/cmdb/firewall/local-in-policy');const a4=await ip4.json();const ip6=await fetch('/api/v2/cmdb/firewall/local-in-policy6');const a6=await ip6.json();const m=document.querySelector('.mutable-menu');const p=document.createElement('div');p.setAttribute("id","clip");s=t="<table style='width:100%;padding:0;border-spacing:0;border-collapse:collapse'><tr>";if(a4.size===0 && a6.size===0){s+="<td style='text-align:center;color:#aaa'>No custom Local-in policy configured.</td></tr>"}else{u="<td style='height:37px;text-align:center;background-color:gainsboro;border:1px solid #B9B9B9' colspan='9'>Custom Local-In ";v="Policy<span style='color:#aaa'> → configured via CLI / API</span></td></tr>";w="<tr style='height:32px;text-align:center;color:#fff;background-color:#5A5A5A;border:1px solid #B9B9B9'><td> # </td><td>Status</td><td>Interface</td><td>Source</td><td>Destination</td><td>Service</td><td>Action</td><td>Schedule</td><td>Comments</td></tr>"}if(a4.size!=0){if(a6.size===0){s+=u+v+w}else{s+=u+"<span style='color:green'>IPv4</span> "+v+w}for(const _ of a4.results){src_='';for(let i in _.srcaddr){if(i!=0){src_+='<br>'}if(_["srcaddr-negate"]=='enable'){src_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon> '}src_+=_.srcaddr[i].name}dst_='';for(let j in _.dstaddr){if(j!=0){dst_+='<br>'}if(_["dstaddr-negate"]=='enable'){dst_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon> '}dst_+=_.dstaddr[j].name}svc_='';for(let k in _.service){if(k!=0){svc_+='<br>'}if(_["service-negate"]=='enable'){svc_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon> '}svc_+=_.service[k].name}s+='<tr style="height:32px;text-align:center"><td style="border:1px solid #E2E2E2">'+_.policyid+'</td><td style="border:1px solid #E2E2E2">'+_.status.replace('enable','<f-icon class="fa-enabled" title="Enabled" style="cursor:pointer"></f-icon> Enabled').replace('disable','<f-icon class="fa-disabled" title="Disabled" style="cursor:pointer"></f-icon> <span style="color:silver">Disabled</span>')+_["ha-mgmt-intf-only"].replace('enable','<br>HA management interface only').replace('disable','')+'</td><td style="border:1px solid #E2E2E2">'+_.intf+'</td><td style="border:1px solid #E2E2E2">'+src_+'</td><td style="border:1px solid #E2E2E2">'+dst_+'</td><td style="border:1px solid #E2E2E2">'+svc_+'</td><td style="border:1px solid #E2E2E2">'+_.action.replace('deny','<f-icon class="fa-denied" title="Deny" style="cursor:pointer"></f-icon> DENY').replace('accept','<f-icon class="fa-accepted" title="Accept" style="cursor:pointer"></f-icon> ACCEPT')+'</td><td style="border:1px solid #E2E2E2">'+_.schedule+'</td><td style="border:1px solid #E2E2E2">'+_.comments+'</td></tr>'}}if(a6.size!=0){t+=u+"<span style='color:darkviolet'>IPv6</span> "+v+w;for(const _ of a6.results){src_='';for(let l in _.srcaddr){if(l!=0){src_+='<br>'}if(_["srcaddr-negate"]=='enable'){src_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon> '}src_+=_.srcaddr[l].name}dst_='';for(let m in _.dstaddr){if(m!=0){dst_+='<br>'}if(_["dstaddr-negate"]=='enable'){dst_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon> '}dst_+=_.dstaddr[m].name}svc_='';for(let n in _.service){if(n!=0){svc_+='<br>'}if(_["service-negate"]=='enable'){svc_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon> '}svc_+=_.service[n].name}t+='<tr style="height:32px;text-align:center"><td style="border:1px solid #E2E2E2">'+_.policyid+'</td><td style="border:1px solid #E2E2E2">'+_.status.replace('enable','<f-icon class="fa-enabled" title="Enabled" style="cursor:pointer"></f-icon> Enabled').replace('disable','<f-icon class="fa-disabled" title="Disabled" style="cursor:pointer"></f-icon> <span style="color:silver">Disabled</span>')+'</td><td style="border:1px solid #E2E2E2">'+_.intf+'</td><td style="border:1px solid #E2E2E2">'+src_+'</td><td style="border:1px solid #E2E2E2">'+dst_+'</td><td style="border:1px solid #E2E2E2">'+svc_+'</td><td style="border:1px solid #E2E2E2">'+_.action.replace('deny','<f-icon class="fa-denied" title="Deny" style="cursor:pointer"></f-icon> DENY').replace('accept','<f-icon class="fa-accepted" title="Accept" style="cursor:pointer"></f-icon> ACCEPT')+'</td><td style="border:1px solid #E2E2E2">'+_.schedule+'</td><td style="border:1px solid #E2E2E2">'+_.comments+'</td></tr>'}}f="</table><br><table style='width:100%;padding:0;border-spacing:0;border-collapse:collapse'><tr><td style='height:37px;text-align:center;background-color:gainsboro;border:1px solid #B9B9B9;border-bottom:0'>Auto Local-In Policy<span style='color:#aaa'> → managed by FortiGate</span></td></tr></table>";if(a6.size===0){p.innerHTML=s+f}else{if(a4.size===0){p.innerHTML=t+f}else{p.innerHTML=s+"</table><br>"+t+f}}if(document.contains(document.getElementById("clip"))){document.getElementById("clip").remove();}m.after(p)})();
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Danny,
thanks for the useful script - tried it on few Forti already, works as expected, works on 6.4.x, 6.2.x, and 7.2.x. It does not work on 5.6.x I am sure because API paths are different in older versions, which is ok - not many left at 5.6.x train anyway.
If you can host it somewhere - your blog/Github/etc, I will be glad to put a link to it on my Local-in post https://yurisk.info/2020/06/07/fortigate-local-in-policy/ which comes quite high in the Google searches, for better outreach.
Best regards
Yuri
Very helpful UX improvement for Local-In Policies in the GUI!
Its so awesome, hope this will be added to UI soon
It's awesome and very helpful.
Dear Dannу,
Thank you for the technical guide you provided.
Best regards,
Roee Golan.
This looks amazing! I've always missed this feature. We always talk about using local-in policys but they are always very hard to "grip". This helps for sure!
Thanks for your contribution Danny!
Very helpful!
Would be great if this could be added to your FortiGate WebUI tool.
Created on 07-06-2023 10:24 PM Edited on 07-06-2023 10:26 PM
I added it to the WebUI tool.
This code is a JavaScript bookmarklet that can be used to show custom local-in policies in FortiGate's WebUI. The bookmarklet reads the configuration and displays it in a table format, without making any changes to the configuration.
To use this bookmarklet, you can follow these steps:
1. Login to your FortiGate's WebUI and navigate to System > Feature Visibility. Make sure that the local-in policy is enabled.
2. Create a new bookmark in your web browser and copy the JavaScript code provided above into the URL field.
3. Click the bookmark and the local-in policies will be displayed in a table format.
Note that this code works for both IPv4 and IPv6 local-in policies. Also, if you use this bookmarklet, it is recommended to write a comment or click the Kudo button to acknowledge its usefulness.
I hope this helps! Let me know if you have any further questions or if there's anything else I can assist you with.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.