Works with IPv4 & IPv6 local-in policies.

Can auto-run when imported as Userscript.
Purely reads and shows the config, not touching it.
If you use it, please write a comment or click the Kudo button.

Show custom local-in policies in FortiGate's WebUI with just a click!

1. Login to your FortiGate's WebUI and open to the local-in policy
   • Enable in System > Feature Visibility if required
     
2. Create a new bookmark in your web browser and copy the JavaScript code below into the URL field.
   
3. Click the bookmark and enjoy viewing your custom local-in policies!

Result:
Copy & paste into a bookmark:

javascript:(async function(){const ip4=await fetch('/api/v2/cmdb/firewall/local-in-policy');const a4=await ip4.json();const ip6=await fetch('/api/v2/cmdb/firewall/local-in-policy6');const a6=await ip6.json();const m=document.querySelector('.mutable-menu');const p=document.createElement('div');p.setAttribute("id","clip");s=t="<table style='width:100%;padding:0;border-spacing:0;border-collapse:collapse'><tr>";if(a4.size===0 && a6.size===0){s+="<td style='text-align:center;color:#aaa'>No custom Local-in policy configured.</td></tr>"}else{u="<td style='height:37px;text-align:center;background-color:gainsboro;border:1px solid #B9B9B9' colspan='9'>Custom Local-In ";v="Policy<span style='color:#aaa'> &rarr; configured via CLI / API</span></td></tr>";w="<tr style='height:32px;text-align:center;color:#fff;background-color:#5A5A5A;border:1px solid #B9B9B9'><td>&nbsp;#&nbsp;</td><td>Status</td><td>Interface</td><td>Source</td><td>Destination</td><td>Service</td><td>Action</td><td>Schedule</td><td>Comments</td></tr>"}if(a4.size!=0){if(a6.size===0){s+=u+v+w}else{s+=u+"<span style='color:green'>IPv4</span> "+v+w}for(const _ of a4.results){src_='';for(let i in _.srcaddr){if(i!=0){src_+='<br>'}if(_["srcaddr-negate"]=='enable'){src_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon>&nbsp;'}src_+=_.srcaddr[i].name}dst_='';for(let j in _.dstaddr){if(j!=0){dst_+='<br>'}if(_["dstaddr-negate"]=='enable'){dst_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon>&nbsp;'}dst_+=_.dstaddr[j].name}svc_='';for(let k in _.service){if(k!=0){svc_+='<br>'}if(_["service-negate"]=='enable'){svc_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon>&nbsp;'}svc_+=_.service[k].name}s+='<tr style="height:32px;text-align:center"><td style="border:1px solid #E2E2E2">'+_.policyid+'</td><td style="border:1px solid #E2E2E2">'+_.status.replace('enable','<f-icon class="fa-enabled" title="Enabled" style="cursor:pointer"></f-icon>&nbsp;Enabled').replace('disable','<f-icon class="fa-disabled" title="Disabled" style="cursor:pointer"></f-icon>&nbsp;<span style="color:silver">Disabled</span>')+_["ha-mgmt-intf-only"].replace('enable','<br>HA&nbsp;management&nbsp;interface&nbsp;only').replace('disable','')+'</td><td style="border:1px solid #E2E2E2">'+_.intf+'</td><td style="border:1px solid #E2E2E2">'+src_+'</td><td style="border:1px solid #E2E2E2">'+dst_+'</td><td style="border:1px solid #E2E2E2">'+svc_+'</td><td style="border:1px solid #E2E2E2">'+_.action.replace('deny','<f-icon class="fa-denied" title="Deny" style="cursor:pointer"></f-icon>&nbsp;DENY').replace('accept','<f-icon class="fa-accepted" title="Accept" style="cursor:pointer"></f-icon>&nbsp;ACCEPT')+'</td><td style="border:1px solid #E2E2E2">'+_.schedule+'</td><td style="border:1px solid #E2E2E2">'+_.comments+'</td></tr>'}}if(a6.size!=0){t+=u+"<span style='color:darkviolet'>IPv6</span> "+v+w;for(const _ of a6.results){src_='';for(let l in _.srcaddr){if(l!=0){src_+='<br>'}if(_["srcaddr-negate"]=='enable'){src_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon>&nbsp;'}src_+=_.srcaddr[l].name}dst_='';for(let m in _.dstaddr){if(m!=0){dst_+='<br>'}if(_["dstaddr-negate"]=='enable'){dst_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon>&nbsp;'}dst_+=_.dstaddr[m].name}svc_='';for(let n in _.service){if(n!=0){svc_+='<br>'}if(_["service-negate"]=='enable'){svc_+='<f-icon class="fa-negate" title="Negated" style="cursor:pointer"></f-icon>&nbsp;'}svc_+=_.service[n].name}t+='<tr style="height:32px;text-align:center"><td style="border:1px solid #E2E2E2">'+_.policyid+'</td><td style="border:1px solid #E2E2E2">'+_.status.replace('enable','<f-icon class="fa-enabled" title="Enabled" style="cursor:pointer"></f-icon>&nbsp;Enabled').replace('disable','<f-icon class="fa-disabled" title="Disabled" style="cursor:pointer"></f-icon>&nbsp;<span style="color:silver">Disabled</span>')+'</td><td style="border:1px solid #E2E2E2">'+_.intf+'</td><td style="border:1px solid #E2E2E2">'+src_+'</td><td style="border:1px solid #E2E2E2">'+dst_+'</td><td style="border:1px solid #E2E2E2">'+svc_+'</td><td style="border:1px solid #E2E2E2">'+_.action.replace('deny','<f-icon class="fa-denied" title="Deny" style="cursor:pointer"></f-icon>&nbsp;DENY').replace('accept','<f-icon class="fa-accepted" title="Accept" style="cursor:pointer"></f-icon>&nbsp;ACCEPT')+'</td><td style="border:1px solid #E2E2E2">'+_.schedule+'</td><td style="border:1px solid #E2E2E2">'+_.comments+'</td></tr>'}}f="</table><br><table style='width:100%;padding:0;border-spacing:0;border-collapse:collapse'><tr><td style='height:37px;text-align:center;background-color:gainsboro;border:1px solid #B9B9B9;border-bottom:0'>Auto Local-In Policy<span style='color:#aaa'> &rarr; managed by FortiGate</span></td></tr></table>";if(a6.size===0){p.innerHTML=s+f}else{if(a4.size===0){p.innerHTML=t+f}else{p.innerHTML=s+"</table><br>"+t+f}}if(document.contains(document.getElementById("clip"))){document.getElementById("clip").remove();}m.after(p)})();