Show custom local-in policies in FortiGate WebUI

Dannу · ‎01-31-2023

Works with IPv4 & IPv6 local-in policies.

Can auto-run when imported as Userscript.
Purely reads and shows the config, not touching it.
If you use it, please write a comment or click the Kudo button.

Show custom local-in policies in FortiGate's WebUI with just a click!

Login to your FortiGate's WebUI and open to the local-in policy
- Enable in System > Feature Visibility if required
Create a new bookmark in your web browser and copy the JavaScript code below into the URL field.
Click the bookmark and enjoy viewing your custom local-in policies!

Result:
Copy & paste into a bookmark:

javascript:(async function(){const ip4=await fetch('/api/v2/cmdb/firewall/local-in-policy');const a4=await ip4.json();const ip6=await fetch('/api/v2/cmdb/firewall/local-in-policy6');const a6=await ip6.json();const m=document.querySelector('.mutable-menu');const p=document.createElement('div');p.setAttribute("id","clip");s=t="<table style='width:100%;padding:0;border-spacing:0;border-collapse:collapse'><tr>";if(a4.size===0 && a6.size===0){s+="<td style='text-align:center;color:#aaa'>No custom Local-in policy configured.</td></tr>"}else{u="<td style='height:37px;text-align:center;background-color:gainsboro;border:1px solid #B9B9B9' colspan='9'>Custom Local-In ";v="Policy<span style='color:#aaa'> &rarr; configured via CLI / API</span></td></tr>";w="<tr style='height:32px;text-align:center;color:#fff;background-color:#5A5A5A;border:1px solid #B9B9B9'><td>&nbsp;#&nbsp;</td><td>Status</td><td>Interface</td><td>Source</td><td>Destination</td><td>Service</td><td>Action</td><td>Schedule</td><td>Comments</td></tr>"}if(a4.size!=0){if(a6.size===0){s+=u+v+w}else{s+=u+"<span style='color:green'>IPv4</span> "+v+w}for(const _ of a4.results){src_='';for(let i in _.srcaddr){if(i!=0){src_+='<br>'}if(_["srcaddr-negate"]=='enable'){src_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon>&nbsp;'}src_+=_.srcaddr[i].name}dst_='';for(let j in _.dstaddr){if(j!=0){dst_+='<br>'}if(_["dstaddr-negate"]=='enable'){dst_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon>&nbsp;'}dst_+=_.dstaddr[j].name}svc_='';for(let k in _.service){if(k!=0){svc_+='<br>'}if(_["service-negate"]=='enable'){svc_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon>&nbsp;'}svc_+=_.service[k].name}s+='<tr style="height:32px;text-align:center"><td style="border:1px solid #E2E2E2">'+_.policyid+'</td><td style="border:1px solid #E2E2E2">'+_.status.replace('enable','<f-icon class="fa-enabled" title="Enabled" style="cursor:pointer"></f-icon>&nbsp;Enabled').replace('disable','<f-icon class="fa-disabled" title="Disabled" style="cursor:pointer"></f-icon>&nbsp;<span style="color:silver">Disabled</span>')+_["ha-mgmt-intf-only"].replace('enable','<br>HA&nbsp;management&nbsp;interface&nbsp;only').replace('disable','')+'</td><td style="border:1px solid #E2E2E2">'+_.intf+'</td><td style="border:1px solid #E2E2E2">'+src_+'</td><td style="border:1px solid #E2E2E2">'+dst_+'</td><td style="border:1px solid #E2E2E2">'+svc_+'</td><td style="border:1px solid #E2E2E2">'+_.action.replace('deny','<f-icon class="fa-denied" title="Deny" style="cursor:pointer"></f-icon>&nbsp;DENY').replace('accept','<f-icon class="fa-accepted" title="Accept" style="cursor:pointer"></f-icon>&nbsp;ACCEPT')+'</td><td style="border:1px solid #E2E2E2">'+_.schedule+'</td><td style="border:1px solid #E2E2E2">'+_.comments+'</td></tr>'}}if(a6.size!=0){t+=u+"<span style='color:darkviolet'>IPv6</span> "+v+w;for(const _ of a6.results){src_='';for(let l in _.srcaddr){if(l!=0){src_+='<br>'}if(_["srcaddr-negate"]=='enable'){src_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon>&nbsp;'}src_+=_.srcaddr[l].name}dst_='';for(let m in _.dstaddr){if(m!=0){dst_+='<br>'}if(_["dstaddr-negate"]=='enable'){dst_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon>&nbsp;'}dst_+=_.dstaddr[m].name}svc_='';for(let n in _.service){if(n!=0){svc_+='<br>'}if(_["service-negate"]=='enable'){svc_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon>&nbsp;'}svc_+=_.service[n].name}t+='<tr style="height:32px;text-align:center"><td style="border:1px solid #E2E2E2">'+_.policyid+'</td><td style="border:1px solid #E2E2E2">'+_.status.replace('enable','<f-icon class="fa-enabled" title="Enabled" style="cursor:pointer"></f-icon>&nbsp;Enabled').replace('disable','<f-icon class="fa-disabled" title="Disabled" style="cursor:pointer"></f-icon>&nbsp;<span style="color:silver">Disabled</span>')+'</td><td style="border:1px solid #E2E2E2">'+_.intf+'</td><td style="border:1px solid #E2E2E2">'+src_+'</td><td style="border:1px solid #E2E2E2">'+dst_+'</td><td style="border:1px solid #E2E2E2">'+svc_+'</td><td style="border:1px solid #E2E2E2">'+_.action.replace('deny','<f-icon class="fa-denied" title="Deny" style="cursor:pointer"></f-icon>&nbsp;DENY').replace('accept','<f-icon class="fa-accepted" title="Accept" style="cursor:pointer"></f-icon>&nbsp;ACCEPT')+'</td><td style="border:1px solid #E2E2E2">'+_.schedule+'</td><td style="border:1px solid #E2E2E2">'+_.comments+'</td></tr>'}}f="</table><br><table style='width:100%;padding:0;border-spacing:0;border-collapse:collapse'><tr><td style='height:37px;text-align:center;background-color:gainsboro;border:1px solid #B9B9B9;border-bottom:0'>Auto Local-In Policy<span style='color:#aaa'> &rarr; managed by FortiGate</span></td></tr></table>";if(a6.size===0){p.innerHTML=s+f}else{if(a4.size===0){p.innerHTML=t+f}else{p.innerHTML=s+"</table><br>"+t+f}}if(document.contains(document.getElementById("clip"))){document.getElementById("clip").remove();}m.after(p)})();

Faiza_Emam_Delhi · ‎06-17-2023

This code is a JavaScript bookmarklet that can be used to show custom local-in policies in FortiGate's WebUI. The bookmarklet reads the configuration and displays it in a table format, without making any changes to the configuration.

To use this bookmarklet, you can follow these steps:

1. Login to your FortiGate's WebUI and navigate to System > Feature Visibility. Make sure that the local-in policy is enabled.

2. Create a new bookmark in your web browser and copy the JavaScript code provided above into the URL field.

3. Click the bookmark and the local-in policies will be displayed in a table format.

Note that this code works for both IPv4 and IPv6 local-in policies. Also, if you use this bookmarklet, it is recommended to write a comment or click the Kudo button to acknowledge its usefulness.

I hope this helps! Let me know if you have any further questions or if there's anything else I can assist you with.

Thanks & Regards,
Faizal Emam

minxminx · ‎03-10-2025

Hi,

I created bookmark on Chrome and changed ip4=await fetch('https://myIP:port/api.....) but it doesn't open anything the URL box still blank. Do I have to do something on Chrome/Fortigate? thanks

Dannу · ‎03-10-2025

@minxminx : You don't need to change anything in the code. Just copy and paste the code into your bookmark as it is.

Here is the latest version of the script: https://github.com/fwsec/fgt-webui-tools

minxminx · ‎03-12-2025

I opened bookmark manager and I added there, open my Fortigate UI, Local in Policy, Click the bookmark but nothing, I saw under dev tools, it adds 2 <script> when I refresh but my UI still stay the same.

Dannу · ‎03-12-2025

Did you use the latest code on GitHub or the one from this topic?
If it doesn't work as shown below, please try another web browser and tell us your FortiGate version.

Show custom local-in policies in FortiGate WebUI

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website