View of firewall policies without grouping
The grouping of policy is a perfect way to handle (or review) a bunch of policies on the GUI, but to verify the exact order it would be great to get an ungrouped view of all policies.
Is there a hidden switch to show all policies in the exact order on the GUI - or should I use the CLI?
Labels: FortiGate
You can re-order the policies by dragging and dropping them on the sequence number column. Alternatively, there is cut/copy/paste support, also available by right-clicking on the sequence #. You can click on the By Sequence option available under the right side corner of the firewall policy.
> @kaman wrote: You can re-order the policies by dragging and dropping them on the sequence number column. Alternatively, there is cut/copy/paste support, also available by right-clicking on the sequence #. You can click on the By Sequence option available under the right side corner of the firewall policy.
Thanks for your answer. Sorry, but unfortunately I cannot see any button. It seems that there is no sorting option after having activated the grouping.
If you need to view all policies in the exact order, you can use the CLI command "show firewall policy". This command will display all firewall policies configured on the FortiGate device in the order they are applied. The output will include details such as the policy ID, source and destination addresses, services, and action.
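An added example, not part of the reply above: a small Python parser that turns saved `show firewall policy` output into a flat, ungrouped list in the order the CLI prints it. The sample text is constructed, the function names are hypothetical, and it assumes `show` omits default values, so a policy without a `set action` line is treated as deny.

```python
import shlex

# Constructed sample of "show firewall policy" output (not from a real device).
SAMPLE = """\
config firewall policy
    edit 7
        set srcintf "lan"
        set dstintf "wan1"
        set action accept
    next
    edit 3
        set srcintf "guest"
        set dstintf "lan"
    next
    edit 12
        set srcintf "lan"
        set dstintf "wan1"
    next
end
"""

def ordered_policies(text):
    """Return one dict per policy, in the order the CLI output lists them."""
    policies, cur, inside = [], None, False
    for line in text.splitlines():
        tok = shlex.split(line)  # handles quoted values such as "port 1"
        if tok[:3] == ["config", "firewall", "policy"]:
            inside = True
        elif not inside or not tok:
            continue
        elif tok[0] == "edit":
            # Assumption: "show" omits defaults, so a missing action means deny.
            cur = {"seq": len(policies) + 1, "id": int(tok[1]), "action": "deny"}
        elif tok[0] == "set" and cur is not None:
            cur[tok[1]] = " ".join(tok[2:])
        elif tok[0] == "next" and cur is not None:
            policies.append(cur)
            cur = None
        elif tok[0] == "end":
            inside = False
    return policies

def flat_view(text):
    """Ungrouped table rows: sequence, policy ID, interface pair, action."""
    return [f'{p["seq"]:>2}  id={p["id"]:<3} {p.get("srcintf")} -> {p.get("dstintf")}  {p["action"]}'
            for p in ordered_policies(text)]

if __name__ == "__main__":
    print("\n".join(flat_view(SAMPLE)))
```

The `seq` column is the position in the output and the `id` column is only the policy's identifier, so the two can differ, as in the sample where ID 7 is listed before ID 3.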
Does FortiOS 7.4 provide an option to show the firewall policy as ordered in "show firewall policy"? If not, I could script a bookmarklet to show that policy in the WebUI similar to this.
Firstly, as kaman mentioned, there is a switch in the upper right corner of the web page "By sequence" which switches off interface-pair grouping.
Apart from getting a quick overview (for instance, which policies use a specific security profile, or NAT) and being able to filter the complete policy table, you will not gain more "exactness". The interface-pair view displays the exact sequence in which packets are matched, just filtered by interface pairs.
In "by sequence" view, the policy ID does NOT determine the sequence of matches - it's only there to identify the policy.
Last hint: to display the policy ID in either view, click the header row and enable "ID". After applying this, you can drag the column to wherever you like it to be. I prefer the very first column.
> @ede_pfau wrote: Firstly, as kaman mentioned, there is a switch in the upper right corner of the web page "By sequence" which switches off interface-pair grouping.
Thank you for the feedback: The issue with the display of the ordering is related to the "By sequence" view which does not show the order of the processed policies.
The grouping seems to be good for maintaining an overview but may cause unintended policy actions when you mix allow and deny rules.
Therefore, an ungrouped view would be very helpful.
I added the ungrouped view to our communities' FortiGate WebUI Tools extension.
