Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
joh2k
New Contributor III

Created on ‎02-08-2023 01:21 AM

fortigate simulation tool

Hello everyone,

 

Is there a simulation tool in FortiGate   where

1) you provide a source ip/port and a destination ip/port and service (maybe more parameters)

2) the tool returns you what policy, security profiles, etc and actions would be applied acoording to the current settings?

 

Thanks for your help,

 

 

Labels:
12867
0 Kudos
1 Solution
abarushka
Staff
Staff

Created on ‎02-08-2023 01:25 AM Edited on ‎02-08-2023 01:39 AM

Hello,

 

It exists and it is built-in in FortiOS (CLI/GUI). Please find the details about CLI tool following the link below:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Trace-which-firewall-policy-will-match-bas...

 

Please find the details about GUI tool following the link below:

https://docs.fortinet.com/document/fortigate/7.0.5/administration-guide/497952/policy-views-and-poli...

FortiGate

View solution in original post

12865
4 REPLIES 4
abarushka
Staff
Staff

Created on ‎02-08-2023 01:25 AM Edited on ‎02-08-2023 01:39 AM

Hello,

 

It exists and it is built-in in FortiOS (CLI/GUI). Please find the details about CLI tool following the link below:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Trace-which-firewall-policy-will-match-bas...

 

Please find the details about GUI tool following the link below:

https://docs.fortinet.com/document/fortigate/7.0.5/administration-guide/497952/policy-views-and-poli...

FortiGate
12866
joh2k
New Contributor III
In response to abarushka

Created on ‎02-08-2023 01:50 AM

Thanks. I get "Unkonwn action 0"

Fortigate1 $ diag firewall iprope lookup 10.187.1.100 12345 8.8.8.8 53 udp port2
Unknown action 0

Maybe I need to be administrator? I am on a readonly user

12858
0 Kudos
Debbie_FTNT
Staff
Staff
In response to joh2k

Created on ‎02-08-2023 02:24 AM

Hey joh2k,

 

yes, for the whole 'diagnose' commands you need to be an administrator; the diagnose commands can be pretty powerful and are thus locked behind admin privileges.

 

I believe you might still be able to use the policy lookup tool in FortiGate GUI though, as long as you have read permissions for that.

The administration guide link my colleague provided above contains a section about the Policy Lookup tool in FortiGate GUI.

 

I hope this helps!

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
12846
0 Kudos
abarushka
Staff
Staff
In response to joh2k

Created on ‎02-08-2023 02:54 AM

Hello,

 

I tested in the lab (7.2.4 GA read-only admin). GUI and CLI worked just fine for me. Do you use VDOMs? Did you have a chance to check GUI?

FortiGate
12839
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.