Hi
I'm new to the board and also very new to FortiGate. I have a lot of experience with ASA firewalls but am now migrating to FortiGates.
But I need some help.
We are migrating using FortiConverter.
I'm looking for a simple solution to add the option
"set logtraffic-start enable" on every rule.
Is there an option to do this easily?
I tried using the CLI:
config firewall policy
edit 0 - 4294967294
set logtraffic-start enable
But it does not accept the command "edit 0 - 4294967294".
Enabling it by hand on every rule is not an option. I hope there is a global command or at least an option to edit a range of rule numbers in one go.
Kind Regards
Eduard
The Netherlands
I built a very small script, two one-liners. I did not copy-paste it to the FortiGate yet.
As a source I used a stored config backup of the FortiGate (VDOM).
I just learned: do not run the script on the CLI of the FortiGate, because reading the rules back into FortiManager is not so great.
Instead run the script in FortiManager against the VDOM.
# -b4 is -b (byte offset) plus -4 (4 lines of context); the offset prefix gives awk a '-' to split on for the context lines
grep -b4 "set srcintf" "configfile of fortigate" | grep edit | awk -F- '{print $2}' > config.txt
# 'next' closes one policy entry and stays inside the table; 'end' would leave 'config firewall policy' after the first entry
sed -e 's/$/\n set logtraffic-start enable \n next/' -i config.txt
And then add several lines to the top of the file.
Because you run it against the VDOM, only one additional line is needed:
config firewall policy
And add at the end an additional
end
Eduard
Hi @eduard_w,
Which firmware version are you using? You can edit firewall policies in the GUI under Policy & Object. Make sure the list is shown "By Sequence". You can use the Shift key to select all the policies, then under the Log column click the pencil, change it to All and click Apply. See the screenshot below.
There is no CLI command to change them all at the same time. Is "0 - 4294967294" a policy name?
Regards,
The Shift key works the same way as in Windows. Holding Shift and clicking on the first and last policy in the list will select all the policies.
Hi, thanks for the quick replies.
We are running 7.0.12 on the FortiGate and v7.0.8 on the FortiManager.
But the suggested solution does not work.
When I select all rules on the FortiGate I can only change the log setting to All, Disabled or UTM. The option "Generate logs when session starts" cannot be selected; it is not even available in the FortiGate GUI, only via the CLI.
Using the FortiManager I have 3 log options to change when selecting all the rules: "Disable, Log security events, Log all sessions".
There is a bit of a mismatch in naming between the FortiGate GUI and FortiManager ☹.
On the FortiManager I can only enable "Generate logs when session starts" one rule at a time.
Eduard
Hi @eduard_w,
I can think of two ways of achieving that:
1- You can create a script editing one firewall policy at a time, something like the one below. You can write a bash or Python script that generates it automatically (for only the firewall policy IDs present in your config):
config firewall policy
edit 1
set logtraffic-start enable
next
edit 2
set logtraffic-start enable
next
... ...
edit N
set logtraffic-start enable
next
end
2- Alternatively you can export a backup copy of the config from the GUI, edit it with a text editor and restore it through the GUI menu. Restoring the config will cause a restart of the firewall.
Please bear in mind that enabling that setting on all firewall policies will double the amount of logs generated for each session hitting those policies.
Regards,
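Both approaches in this thread, Eduard's grep/sed one-liners and the generated per-policy script suggested in the reply above, come down to the same job: pull the policy IDs out of a config backup and emit `edit N / set logtraffic-start enable / next` for each. The following is an added example (not code from anyone in this thread) that does this with a small stack-based parser instead of context-grepping for `set srcintf`, so it only takes IDs that sit directly inside `config firewall policy` (entries from other tables that also carry `set srcintf`, such as `config firewall shaping-policy`, are not picked up), keeps each VDOM's policies separate, and skips policies that already have the setting. The sample backup embedded in it is constructed for the demonstration, and the function and variable names are the example's own.

```python
"""Emit a FortiOS CLI script that enables 'logtraffic-start' on every firewall
policy found in a FortiGate configuration backup. Added example, not from the
thread; assumes the standard backup layout of nested 'config ... end' tables
holding 'edit ... next' entries, with 'config vdom / edit <vdom>' per VDOM."""
import re

# Constructed sample backup (not a real config). VDOM 'root' has policy 1
# (needs the setting) and policy 7 (already enabled); VDOM 'dmz' has policy 3.
# The address table also has 'edit' lines and must not be picked up.
SAMPLE_CONFIG = """\
config vdom
edit root
config firewall policy
    edit 1
        set srcintf "port1"
    next
    edit 7
        set srcintf "port1"
        set logtraffic-start enable
    next
end
config firewall address
    edit "host-1"
        set subnet 10.0.0.1 255.255.255.255
    next
end
next
edit dmz
config firewall policy
    edit 3
        set srcintf "port3"
    next
end
next
end
"""

_CONFIG = re.compile(r'^config\s+(.+?)\s*$')
_EDIT = re.compile(r'^edit\s+"?([^"]+?)"?\s*$')
POLICY_TABLE = ("config", "firewall policy")
TARGET_LINE = "set logtraffic-start enable"


def _enclosing_vdom(stack):
    """Name of the VDOM the current nesting is inside, or None."""
    for i in range(len(stack) - 1):
        if stack[i] == ("config", "vdom") and stack[i + 1][0] == "edit":
            return stack[i + 1][1]
    return None


def find_policies(config_text):
    """Return {vdom: [policy_id, ...]} for policies that do not yet carry
    TARGET_LINE. vdom is None on a single-VDOM backup; only entries directly
    inside 'config firewall policy' are collected, other tables are ignored."""
    stack, found, already = [], {}, set()  # stack: ("config", t) / ("edit", e)
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := _CONFIG.match(line):
            stack.append(("config", m.group(1)))
        elif m := _EDIT.match(line):
            if stack and stack[-1] == POLICY_TABLE:
                found.setdefault(_enclosing_vdom(stack), []).append(m.group(1))
            stack.append(("edit", m.group(1)))
        elif line == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif line == "end":
            while stack and stack[-1][0] == "edit":  # 'end' also closes an open entry
                stack.pop()
            if stack:
                stack.pop()
        elif (line == TARGET_LINE and len(stack) >= 2
              and stack[-2] == POLICY_TABLE and stack[-1][0] == "edit"):
            already.add((_enclosing_vdom(stack), stack[-1][1]))
    return {vdom: [pid for pid in ids if (vdom, pid) not in already]
            for vdom, ids in found.items()}


def render_block(policy_ids):
    """One 'config firewall policy' block (edit / set / next per policy, then
    end), for a FortiManager script run against the VDOM or a single-VDOM CLI."""
    lines = ["config firewall policy"]
    for pid in policy_ids:
        lines += [f"    edit {pid}", f"        {TARGET_LINE}", "    next"]
    return "\n".join(lines + ["end"]) + "\n"


def render_script(policies):
    """Whole-unit script for the CLI of a multi-VDOM FortiGate: each block is
    wrapped in 'config vdom / edit <vdom> ... next / end'."""
    parts = []
    for vdom, ids in policies.items():
        if ids:
            block = render_block(ids)
            parts.append(block if vdom is None
                         else f"config vdom\nedit {vdom}\n{block}next\nend\n")
    return "".join(parts)


if __name__ == "__main__":
    policies = find_policies(SAMPLE_CONFIG)
    print(render_block(policies["root"]))  # per-VDOM block for FortiManager
    print(render_script(policies))         # whole-unit script for the FortiGate CLI
```

Use the `render_block()` output as a FortiManager script against the VDOM, as Eduard does, or `render_script()` when pasting into the CLI of a multi-VDOM FortiGate. Either way, the caveat in the reply above still applies: every session matching those policies now produces a start log as well as the end log.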
Thanks. For now I think this is the only solution. Earlier I found this solution from 2014:
Technical Note: Bulk rule changes and examples wit... - Fortinet Community
But I could not find the script which was mentioned.
Thanks for the advice.
Eduard
Hi Hamid, I tried that several times but I cannot enable logtraffic-start by selecting all rules in the policy. The option is not available when selecting all rules. Or I am doing something wrong.
Eduard
If anyone is interested, it is easy to do this with Excel. You just enter your lines as needed, highlight the group and then drag the corner + down to create copies; they populate numerically.
I hope this proves to be helpful to someone.