- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Show custom local-in policies in FortiGate WebUI
Works with IPv4 & IPv6 local-in policies.
Can auto-run when imported as Userscript.
Purely reads and shows the config, not touching it.
If you use it, please write a comment or click the Kudo button.
Show custom local-in policies in FortiGate's WebUI with just a click!
- Login to your FortiGate's WebUI and open to the local-in policy
- Enable in System > Feature Visibility if required
- Enable in System > Feature Visibility if required
- Create a new bookmark in your web browser and copy the JavaScript code below into the URL field.
- Click the bookmark and enjoy viewing your custom local-in policies!
Result:
Copy & paste into a bookmark:
javascript:(async function(){const ip4=await fetch('/api/v2/cmdb/firewall/local-in-policy');const a4=await ip4.json();const ip6=await fetch('/api/v2/cmdb/firewall/local-in-policy6');const a6=await ip6.json();const m=document.querySelector('.mutable-menu');const p=document.createElement('div');p.setAttribute("id","clip");s=t="<table style='width:100%;padding:0;border-spacing:0;border-collapse:collapse'><tr>";if(a4.size===0 && a6.size===0){s+="<td style='text-align:center;color:#aaa'>No custom Local-in policy configured.</td></tr>"}else{u="<td style='height:37px;text-align:center;background-color:gainsboro;border:1px solid #B9B9B9' colspan='9'>Custom Local-In ";v="Policy<span style='color:#aaa'> → configured via CLI / API</span></td></tr>";w="<tr style='height:32px;text-align:center;color:#fff;background-color:#5A5A5A;border:1px solid #B9B9B9'><td> # </td><td>Status</td><td>Interface</td><td>Source</td><td>Destination</td><td>Service</td><td>Action</td><td>Schedule</td><td>Comments</td></tr>"}if(a4.size!=0){if(a6.size===0){s+=u+v+w}else{s+=u+"<span style='color:green'>IPv4</span> "+v+w}for(const _ of a4.results){src_='';for(let i in _.srcaddr){if(i!=0){src_+='<br>'}if(_["srcaddr-negate"]=='enable'){src_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon> '}src_+=_.srcaddr[i].name}dst_='';for(let j in _.dstaddr){if(j!=0){dst_+='<br>'}if(_["dstaddr-negate"]=='enable'){dst_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon> '}dst_+=_.dstaddr[j].name}svc_='';for(let k in _.service){if(k!=0){svc_+='<br>'}if(_["service-negate"]=='enable'){svc_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon> '}svc_+=_.service[k].name}s+='<tr style="height:32px;text-align:center"><td style="border:1px solid #E2E2E2">'+_.policyid+'</td><td style="border:1px solid #E2E2E2">'+_.status.replace('enable','<f-icon class="fa-enabled" title="Enabled" style="cursor:pointer"></f-icon> Enabled').replace('disable','<f-icon class="fa-disabled" title="Disabled" style="cursor:pointer"></f-icon> <span style="color:silver">Disabled</span>')+_["ha-mgmt-intf-only"].replace('enable','<br>HA management interface only').replace('disable','')+'</td><td style="border:1px solid #E2E2E2">'+_.intf+'</td><td style="border:1px solid #E2E2E2">'+src_+'</td><td style="border:1px solid #E2E2E2">'+dst_+'</td><td style="border:1px solid #E2E2E2">'+svc_+'</td><td style="border:1px solid #E2E2E2">'+_.action.replace('deny','<f-icon class="fa-denied" title="Deny" style="cursor:pointer"></f-icon> DENY').replace('accept','<f-icon class="fa-accepted" title="Accept" style="cursor:pointer"></f-icon> ACCEPT')+'</td><td style="border:1px solid #E2E2E2">'+_.schedule+'</td><td style="border:1px solid #E2E2E2">'+_.comments+'</td></tr>'}}if(a6.size!=0){t+=u+"<span style='color:darkviolet'>IPv6</span> "+v+w;for(const _ of a6.results){src_='';for(let l in _.srcaddr){if(l!=0){src_+='<br>'}if(_["srcaddr-negate"]=='enable'){src_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon> '}src_+=_.srcaddr[l].name}dst_='';for(let m in _.dstaddr){if(m!=0){dst_+='<br>'}if(_["dstaddr-negate"]=='enable'){dst_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon> '}dst_+=_.dstaddr[m].name}svc_='';for(let n in _.service){if(n!=0){svc_+='<br>'}if(_["service-negate"]=='enable'){svc_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon> '}svc_+=_.service[n].name}t+='<tr style="height:32px;text-align:center"><td style="border:1px solid #E2E2E2">'+_.policyid+'</td><td style="border:1px solid #E2E2E2">'+_.status.replace('enable','<f-icon class="fa-enabled" title="Enabled" style="cursor:pointer"></f-icon> Enabled').replace('disable','<f-icon class="fa-disabled" title="Disabled" style="cursor:pointer"></f-icon> <span style="color:silver">Disabled</span>')+'</td><td style="border:1px solid #E2E2E2">'+_.intf+'</td><td style="border:1px solid #E2E2E2">'+src_+'</td><td style="border:1px solid #E2E2E2">'+dst_+'</td><td style="border:1px solid #E2E2E2">'+svc_+'</td><td style="border:1px solid #E2E2E2">'+_.action.replace('deny','<f-icon class="fa-denied" title="Deny" style="cursor:pointer"></f-icon> DENY').replace('accept','<f-icon class="fa-accepted" title="Accept" style="cursor:pointer"></f-icon> ACCEPT')+'</td><td style="border:1px solid #E2E2E2">'+_.schedule+'</td><td style="border:1px solid #E2E2E2">'+_.comments+'</td></tr>'}}f="</table><br><table style='width:100%;padding:0;border-spacing:0;border-collapse:collapse'><tr><td style='height:37px;text-align:center;background-color:gainsboro;border:1px solid #B9B9B9;border-bottom:0'>Auto Local-In Policy<span style='color:#aaa'> → managed by FortiGate</span></td></tr></table>";if(a6.size===0){p.innerHTML=s+f}else{if(a4.size===0){p.innerHTML=t+f}else{p.innerHTML=s+"</table><br>"+t+f}}if(document.contains(document.getElementById("clip"))){document.getElementById("clip").remove();}m.after(p)})();
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Danny,
thanks for the useful script - tried it on few Forti already, works as expected, works on 6.4.x, 6.2.x, and 7.2.x. It does not work on 5.6.x I am sure because API paths are different in older versions, which is ok - not many left at 5.6.x train anyway.
If you can host it somewhere - your blog/Github/etc, I will be glad to put a link to it on my Local-in post https://yurisk.info/2020/06/07/fortigate-local-in-policy/ which comes quite high in the Google searches, for better outreach.
Best regards
Yuri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Very helpful UX improvement for Local-In Policies in the GUI!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Its so awesome, hope this will be added to UI soon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's awesome and very helpful.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Dannу,
Thank you for the technical guide you provided.
Best regards,
Roee Golan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This looks amazing! I've always missed this feature. We always talk about using local-in policys but they are always very hard to "grip". This helps for sure!
Thanks for your contribution Danny!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Very helpful!
Would be great if this could be added to your FortiGate WebUI tool.
Created on 07-06-2023 10:24 PM Edited on 07-06-2023 10:26 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I added it to the WebUI tool.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Danny,
Thanks a lot for your work and very convenient tools!!
Kudos to you!