Upload of configuration
I have edited a configuration file for my Fortinet 600D. It loads and runs correctly, but when I view the firewall policies on the dashboard, only a few security policies have been updated. If I try to add them manually, the system says that the policy label already exists. If I download the backup of the configuration, the number of policies is different from the policies shown on the dashboard. I have this issue only for firewall policies; all the other sections are correctly interpreted.
Any idea? Any command to know if the input file has issues? I also tried with a different editor, but nothing.
The dashboard shows partially the total number of policies but by CLI everything is fine. It could be a bug.
Not completely sure what you see and where.
A picture, or the actual error/warning message, will help.
If I have a look at policies, I can see them in Policy&Objects, with the switch at the top right to change between interface pair view and all policies ordered by their sequence numbers.
On the Dashboard there is FortiView on Policies, which shows ONLY those which have/had some active sessions, or transferred any bytes (which is the default Sort option, see the settings of the widget).
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Created on 09-14-2022 01:22 AM Edited on 09-14-2022 09:04 AM
Hi Tom, I appreciate your support a lot! The problem is in Policy&Objects. I am able to see some policies, but others are missing! Also, if I try by CLI to edit a specific number, only some numbers are present; other numbers are missing. In short, of the list of policies in the original conf file loaded on the firewall, some have been removed or not included. I am sending you an example below: for instance, up to 2 it is OK, then 3 (the third policy) is missing, the fourth has been included, and 5 and 6 have not. Why are these policies not loaded correctly while others are? The syntax is perfect. If I try to add the missing policy manually, the interface replies that it already exists.
-----------
config firewall policy
    edit 1
        set name "ARCC_RCC_DMD_PROXY"
        set srcintf "ARCC_LAN"
        set dstintf "GRE-RCC" "GRE-RCC-B"
        set srcaddr "ARCC_TC"
        set dstaddr "RCC_TC"
        set action accept
        set schedule "always"
        set service "RCC_ACK_CHANNEL" "RCC_DB_CHANNEL" "PING"
    next
    edit 2
        set name "RCC_ARCC_DMD_PROXY"
        set srcintf "GRE-RCC" "GRE-RCC-B"
        set dstintf "ARCC_LAN"
        set srcaddr "RCC_TC"
        set dstaddr "ARCC_TC"
        set action accept
        set schedule "always"
        set service "RCC_ACK_CHANNEL" "RCC_DB_CHANNEL" "PING"
    next
    edit 3
        set name "ARCC_ADIC_VOIP"
        set srcintf "ARCC_LAN"
        set dstintf "GRE-ADIC-2114" "GRE-ADIC-2134"
        set srcaddr "ARCC_VOIP_PHONE_1" "ARCC_VOIP_PHONE_2"
        set dstaddr "ADIC_CALL_MANAGER"
        set action accept
        set schedule "always"
        set service "SIP" "ADIC_RTP"
        set nat enable
    next
    edit 4
        set name "ADIC_ARCC_VOIP"
        set srcintf "GRE-ADIC-2114" "GRE-ADIC-2134"
        set dstintf "ARCC_LAN"
        set srcaddr "ADIC_CALL_MANAGER"
        set dstaddr "ARCC_VOIP_PHONE_1" "ARCC_VOIP_PHONE_2"
        set action accept
        set schedule "always"
        set service "SIP" "ADIC_RTP"
        set nat enable
    next
    edit 5
        set name "ARCC_AADIC_VOIP"
        set srcintf "ARCC_LAN"
        set dstintf "GRE-AADIC-4114" "GRE-ADIC-4134"
        set srcaddr "ARCC_VOIP_PHONE_1" "ARCC_VOIP_PHONE_2"
        set dstaddr "AADIC_CALL_MANAGER"
        set action accept
        set schedule "always"
        set service "SIP" "ADIC_RTP"
        set nat enable
    next
    edit 6
        set name "AADIC_RCC_VOIP"
        set srcintf "GRE-ADIC-4114" "GRE-ADIC-4134"
        set dstintf "ARCC_LAN"
        set srcaddr "AADIC_CALL_MANAGER"
        set dstaddr "ARCC_VOIP_PHONE_1" "ARCC_VOIP_PHONE_2"
        set action accept
        set schedule "always"
        set service "SIP" "ADIC_RTP"
        set nat enable
    next
What is this mystery? Do I need to use the purge command, or rename the edit x number and remove the uuid for each policy, to see them all included again?
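Added example, not part of any post in this thread: an offline check that compares the `config firewall policy` entries in the file that was uploaded with those in the backup downloaded afterwards, listing the policy IDs that did not survive the load and any whose name the device already holds under another ID. The function names and the sample policies are constructed for illustration.

```python
import re

def parse_policies(conf_text):
    """Map policy id -> name for entries directly under 'config firewall policy'."""
    policies, depth, current = {}, 0, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config firewall policy":
                depth = 1
        elif line.startswith("config "):
            depth += 1          # nested block inside a policy: skip its contents
        elif line == "end":
            depth -= 1
        elif depth == 1:
            m = re.fullmatch(r"edit (\d+)", line)
            if m:
                current = int(m.group(1))
                policies[current] = None
            elif line == "next":
                current = None
            elif current is not None:
                m = re.fullmatch(r'set name "(.*)"', line)
                if m:
                    policies[current] = m.group(1)
    return policies

def compare(uploaded_text, backup_text):
    """Return (missing, clashes): policies in the upload that are absent from the
    backup, and those whose name the backup already uses under another id."""
    up, bk = parse_policies(uploaded_text), parse_policies(backup_text)
    missing = sorted((pid, name) for pid, name in up.items() if pid not in bk)
    in_use = {name: pid for pid, name in bk.items() if name}
    clashes = [(pid, name, in_use[name]) for pid, name in missing if name in in_use]
    return missing, clashes

def make_conf(pairs):
    """Build a minimal policy section from (id, name) pairs (constructed sample data)."""
    body = "".join(f'    edit {i}\n        set name "{n}"\n    next\n' for i, n in pairs)
    return "config firewall policy\n" + body + "end\n"

# Constructed samples: policy 2 is lost on load, and its name exists under id 9.
UPLOADED = make_conf([(1, "A_TO_B"), (2, "B_TO_A"), (3, "A_TO_C")])
BACKUP = make_conf([(1, "A_TO_B"), (3, "A_TO_C"), (9, "B_TO_A")])

if __name__ == "__main__":
    missing, clashes = compare(UPLOADED, BACKUP)
    print("missing after upload:", missing)
    print("name already in use:", clashes)
```

To use it on real files, read the edited file and the downloaded backup as text and pass both strings to `compare`.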