I have edited a configuration file for my Fortinet 600D. It loads and runs correctly, but when I view the firewall policies on the dashboard, only a few security policies have been updated. If I try to add them manually, the system says that the policy label already exists. If I download a backup of the configuration, the number of policies is different from the policies shown on the dashboard. I have this issue only for firewall policies; all the other sections are interpreted correctly.
Any idea? Is there any command to check whether the input file has issues? I also tried different editors, but nothing.
Not completely sure what you see and where.
A picture, or the actual error/warning message, will help.
If I look at policies, I can see them in Policy&Objects, with a switch at the top right to change between the interface pair view and all policies ordered by their sequence numbers.
On the Dashboard there is FortiView on Policies, which shows ONLY those which have/had some active sessions, or transferred any bytes (which is the default Sort option, see the settings of the widget).
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Created on 09-14-2022 01:22 AM Edited on 09-14-2022 09:04 AM
Hi Tom, I appreciate your support a lot! The problem is in Policy&Objects. I am able to see some policies, but others are missing! Also, if I try by CLI to edit a specific number, only some numbers are present; other numbers are missing. In short, of the list of policies in the original conf file loaded on the firewall, some have been removed or not included. I am sending you an example below: for instance, up to 2 it is OK, then 3 (the third policy) is missing, the fourth has been included, and 5 and 6 have not. Why are these policies not loaded correctly while others are? The syntax is perfect. If I try to add the missing policy manually, the interface replies that it already exists.
-----------
config firewall policy
    edit 1
        set name "ARCC_RCC_DMD_PROXY"
        set srcintf "ARCC_LAN"
        set dstintf "GRE-RCC" "GRE-RCC-B"
        set srcaddr "ARCC_TC"
        set dstaddr "RCC_TC"
        set action accept
        set schedule "always"
        set service "RCC_ACK_CHANNEL" "RCC_DB_CHANNEL" "PING"
    next
    edit 2
        set name "RCC_ARCC_DMD_PROXY"
        set srcintf "GRE-RCC" "GRE-RCC-B"
        set dstintf "ARCC_LAN"
        set srcaddr "RCC_TC"
        set dstaddr "ARCC_TC"
        set action accept
        set schedule "always"
        set service "RCC_ACK_CHANNEL" "RCC_DB_CHANNEL" "PING"
    next
    edit 3
        set name "ARCC_ADIC_VOIP"
        set srcintf "ARCC_LAN"
        set dstintf "GRE-ADIC-2114" "GRE-ADIC-2134"
        set srcaddr "ARCC_VOIP_PHONE_1" "ARCC_VOIP_PHONE_2"
        set dstaddr "ADIC_CALL_MANAGER"
        set action accept
        set schedule "always"
        set service "SIP" "ADIC_RTP"
        set nat enable
    next
    edit 4
        set name "ADIC_ARCC_VOIP"
        set srcintf "GRE-ADIC-2114" "GRE-ADIC-2134"
        set dstintf "ARCC_LAN"
        set srcaddr "ADIC_CALL_MANAGER"
        set dstaddr "ARCC_VOIP_PHONE_1" "ARCC_VOIP_PHONE_2"
        set action accept
        set schedule "always"
        set service "SIP" "ADIC_RTP"
        set nat enable
    next
    edit 5
        set name "ARCC_AADIC_VOIP"
        set srcintf "ARCC_LAN"
        set dstintf "GRE-AADIC-4114" "GRE-ADIC-4134"
        set srcaddr "ARCC_VOIP_PHONE_1" "ARCC_VOIP_PHONE_2"
        set dstaddr "AADIC_CALL_MANAGER"
        set action accept
        set schedule "always"
        set service "SIP" "ADIC_RTP"
        set nat enable
    next
    edit 6
        set name "AADIC_RCC_VOIP"
        set srcintf "GRE-ADIC-4114" "GRE-ADIC-4134"
        set dstintf "ARCC_LAN"
        set srcaddr "AADIC_CALL_MANAGER"
        set dstaddr "ARCC_VOIP_PHONE_1" "ARCC_VOIP_PHONE_2"
        set action accept
        set schedule "always"
        set service "SIP" "ADIC_RTP"
        set nat enable
    next
What is this mystery? Do I need to use the purge command, or rename the edit x number and remove the uuid for each policy, to see all of them included again?
The dashboard shows partially the total number of policies but by CLI everything is fine. It could be a bug.
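Added example, not part of the thread: one way to compare the edited configuration file with the backup downloaded from the unit and list the policy IDs that did not load, along with the object names that only those policies reference. The function names and the sample configuration are constructed for illustration.

```python
import re

REF_KEYS = ("srcintf", "dstintf", "srcaddr", "dstaddr", "service", "schedule")

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} from 'config firewall policy'."""
    policies, current, in_block = {}, None, False
    for raw in text.splitlines():
        # Split on whitespace but keep quoted object names together.
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', raw)]
        if words[:3] == ["config", "firewall", "policy"]:
            in_block = True
        elif not in_block or not words:
            continue
        elif words[0] == "edit" and len(words) > 1:
            current = policies.setdefault(words[1], {})
        elif words[0] == "next":
            current = None
        elif words[0] == "end" and current is None:
            in_block = False
        elif words[0] == "set" and current is not None and len(words) > 2:
            current[words[1]] = words[2:]
    return policies

def missing_policies(original, backup):
    """Policies present in the edited file but absent from the backup."""
    orig, back = parse_policies(original), parse_policies(backup)
    loaded_refs = {v for p in back.values() for k in REF_KEYS for v in p.get(k, [])}
    report = {}
    for pid in sorted(set(orig) - set(back), key=int):
        refs = {v for k in REF_KEYS for v in orig[pid].get(k, [])}
        # "only_here": objects no loaded policy uses; check they exist on the unit.
        report[pid] = {"name": orig[pid].get("name", [""])[0],
                       "only_here": sorted(refs - loaded_refs)}
    return report

# Constructed sample: the edited file, and a backup in which policy 2 is absent.
ORIGINAL = """config firewall policy
    edit 1
        set name "LAN_TO_A"
        set srcintf "LAN"
        set dstintf "GRE-A"
    next
    edit 2
        set name "LAN_TO_B"
        set srcintf "LAN"
        set dstintf "GRE-B"
    next
end"""
BACKUP = ORIGINAL[:ORIGINAL.index("edit 2")] + "end"

if __name__ == "__main__":
    print(missing_policies(ORIGINAL, BACKUP))
```

An empty `only_here` list means every object the missing policy references is also used by a policy that did load.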