The grouping of policy is a perfect way to handle (or review) a bunch of policies on the GUI, but to verify the exact order it would be great to get an ungrouped view of all policies?
Is there a hidden switch to show all policies in the exact order on the GUI - or should I use the CLI?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You can re-order the policies by dragging and dropping them on the sequence number column. Alternatively, there is cut/copy/paste support, also available by right-clicking on the sequence #. You can click on the By Sequence option available under the right side corner of the firewall policy.
>
@kaman wrote:You can re-order the policies by dragging and dropping them on the sequence number column. Alternatively, there is cut/copy/paste support, also available by right-clicking on You can click on the By Sequence option available under the right side corner of the firewall policy.
Thanks for your answer. Sorry, but unfortunatelly I cannot see any button. It seems that there is no sorting option after having activated the grouping.
If you need to view all policies in the exact order, you can use the CLI command "show firewall policy". This command will display all firewall policies configured on the FortiGate device in the order they are applied. The output will include details such as the policy ID, source and destination addresses, services, and action.
Does FortiOS 7.4 provide an option to show the firewall policy as ordered in "show firewall policy". If not I could script a bookmarklet to show that policy in the WebUI similar to this.
Firstly, as kaman mentioned, there is a switch in the upper right corner of the web page "By sequence" which switches off interface-pair grouping.
Apart from getting a quick overview (for instance, which policies use a specific security profile, or NAT) and being able to filter the complete policy table, you will not gain more "exactness". The interface-pair view displays the exact sequence in which packets are matched, just filtered by interface pairs.
In "by sequence" view, the policy ID does NOT determine the sequence of matches - it's only there to identify the policy.
Last hint: to display the policy ID in either view, click the header row and enable "ID". After applying this, you can drag the column to whereever you like it to be. I prefer the very first column.
@ede_pfau wrote:Firstly, as kaman mentioned, there is a switch in the upper right corner of the web page "By sequence" which switches off interface-pair grouping.
Thank you for the feedback: The issue with the display of the ordering is related to the "By sequence" view which does not show the order of the processed policies.
The grouping seems to be good for maintaining an overview but may cause unintended policy actions when you mix allow and deny rules.
Therefore, an ungrouped view would be very helpful.
I added the ungrouped view to our communities' FortiGate WebUI Tools extension.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.