Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- edit 0 position for ipsec firewall policy
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
edit 0 position for ipsec firewall policy
When adding firewall policies you can use edit 0 to get the "next" unused id but how do you track what id is assigned?
Right now I have three policies that are catch all with different logging and security profiles. Those are at the bottom when looked at with the CLI.
When I do an edit 0 a new policy number is picked but it is always added at the bottom below the catch all policies. The old policies will be hit and I will not get the policy ipsec until I re-order the policies manually.
Is there a way to move the existing policies to the bottom. I cannot re-order the new policies because the policy id is not known after the policy is created. A command like "move X to end" or "move X to bottom" would be helpful.
24825
24825
Labels:
- Labels:
-
FortiGate
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @aguerriero ,
Welcome to the community.
You can arrange the policies in the GUI, using the drag/drop method.
Also, in the CLI you can list the policies using the command:
show firewall policy
Then you can re-order them using the command:
config firewall policy move <id1> before|after <id2>
Hope this is what you are looking for.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @aguerriero ,
Welcome to the community.
You can arrange the policies in the GUI, using the drag/drop method.
Also, in the CLI, you can list the policies using the command:
show firewall policy
Then you can re-order them using the command:
config firewall policy move <id1> before|after <id2>
Hope this is what you are looking for.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That isn't what I am looking for. That is what I have to do now. Which means I have to log in manually and create the policies then manually move them.
I want to be able to automate it with ansible but edit 0 doesn't provide the policy number that is created as output. So the only piece of information I have is the existing policy.
24825
24825
Created on 09-19-2022 01:21 PM Edited on 09-19-2022 01:25 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You do not have to use id 0. This just picks the next available ID.
If you want to go about this in a programmatic way, you can use any ID in the range of 1 - 4294967294. Use an ID range for your automatically-added policies and then use the manually-assigned IDs to program the move above the catch-all policies that already exist in your table.
Also looking at the Ansible documentation it looks like you can do this with built-in commands. I'm not an Ansible expert so I could be wrong here but looks like you can define the creation of a policy and then move that policy after it's instantiated. Look at the "mkey" return value and the "move" action.
Cheers,
Graham
Graham
Labels
-
FortiGate
10,211 -
FortiClient
2,078 -
FortiManager
864 -
5.2
687 -
FortiAnalyzer
668 -
5.4
638 -
FortiSwitch
564 -
FortiAP
546 -
FortiClient EMS
530 -
6.0
416 -
IPsec
370 -
FortiMail
363 -
5.6
362 -
SSL-VPN
353 -
FortiNAC
260 -
6.2
251 -
Fortiweb
250 -
FortiAuthenticator v5.5
234 -
SD-WAN
178 -
FortiAuthenticator
164 -
FortiGuard
159 -
5.0
152 -
Firewall policy
130 -
6.4
128 -
FortiCloud Products
114 -
FortiGateCloud
113 -
Customer Service
111 -
FortiSIEM
110 -
FortiGate-VM
110 -
FortiToken
108 -
Wireless Controller
96 -
High Availability
82 -
FortiProxy
76 -
ZTNA
70 -
Fortivoice
69 -
Routing
69 -
VLAN
69 -
FortiEDR
68 -
FortiADC
67 -
DNS
67 -
SAML
64 -
Authentication
62 -
BGP
62 -
Certificate
58 -
radius
57 -
FortiSandbox
53 -
SSO
52 -
FortiLink
52 -
LDAP
52 -
FortiExtender
51 -
NAT
50 -
4.0MR3
49 -
Application control
47 -
FortiDNS
44 -
VDOM
41 -
Interface
40 -
FortiSwitch v6.4
39 -
Logging
39 -
FortiGate v5.4
38 -
Virtual IP
38 -
API
37 -
Web profile
37 -
FortiConnect
34 -
FortiConverter
33 -
FortiWAN
32 -
FortiPAM
32 -
SSL SSH inspection
31 -
RMA Information and Announcements
30 -
FortiGate v5.2
27 -
Automation
27 -
Static route
25 -
FortiPortal
24 -
Traffic shaping
24 -
SSID
24 -
FortiSwitch v6.2
23 -
System settings
23 -
FortiGate Cloud
22 -
SNMP
22 -
WAN optimization
21 -
FortiMonitor
20 -
OSPF
19 -
Web application firewall profile
19 -
Web rating
18 -
IP address management - IPAM
18 -
FortiSOAR
17 -
Admin
17 -
Security profile
17 -
FortiAP profile
17 -
FortiDDoS
16 -
FortiCASB
16 -
Antivirus profile
16 -
Proxy policy
15 -
FortiGate v5.0
14 -
IPS signature
14 -
Explicit proxy
13 -
Traffic shaping policy
13 -
Intrusion prevention
13 -
FortiManager v5.0
12 -
FortiManager v4.0
12 -
FortiDeceptor
12 -
FortiAnalyzer v5.0
12 -
FortiAI
12 -
NAC policy
12 -
Traffic shaping profile
12 -
Port policy
12 -
FortiWeb v5.0
11 -
FortiBridge
11 -
FortiRecorder
11 -
DNS filter
11 -
Fabric connector
11 -
FortiGate v4.0 MR3
10 -
Trunk
10 -
Users
10 -
Application signature
10 -
Fortinet Engage Partner Program
10 -
Vulnerability Management
9 -
FortiCache
8 -
FortiToken Cloud
8 -
Authentication rule and scheme
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
VoIP profile
7 -
Cloud Management Security
7 -
FortiCarrier
6 -
FortiScan
6 -
FortiDirector
6 -
DLP profile
6 -
DLP sensor
6 -
DoS policy
6 -
FortiHypervisor
5 -
FortiNDR
5 -
FortiTester
5 -
Internet service database
5 -
Email filter profile
5 -
Protocol option
5 -
3.6
4 -
DLP Dictionary
4 -
File filter
4 -
Netflow
4 -
TACACS
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
FortiDB
3 -
FortiCWP
3 -
Kerberos
3 -
Multicast policy
3 -
FortiInsight
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
FortiEdge Cloud
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
Subscription Renewal Policy
1 -
GPRS Tuneling Protocol
1 -
Virtual wire pair
1 -
Lacework
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2428 | |
| 1303 | |
| 778 | |
| 556 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.