zsylamm
New Contributor

How to find highest policy id

How can I find a highest policy Id used on a vdom firewall policy? As they are not ordered in any particular way

kgeorge
Staff

Hello,

Greetings!

I believe you would like to know which Policy would be having more weightage. If not, kindly explain your exact requirement.

Please be advised that the Policy ID does not matter; however, the order does. The Policy on the top of the list takes precedence and traffic matches down the list (Top to Bottom).

In order to know the Policy ID, you can add the Column called "ID" in Firewall Policy.

Have a nice day!

Regards,
Klint George
zsylamm

Thanks Klint,

I am concerned more about the actual policy ID than about the order. However, I am happy to follow some best practices here. I am automating policy provisioning and I want to make sure that I use a new policy ID that is the highest currently used policy ID +1.

The background is that I do have policies configured for a given vdom in an inconsistent way...

For example, just a part of the output from show firewall policy:

edit 1445
edit 1446
edit 200201
edit 200202
etc.

Now when I create a new policy I want to be able to find the highest used policy ID on that device/vdom, add 1, and use it for configuring the policy.

Is there a way to know the highest used policy ID?

Or maybe another way to handle it?

Maybe I can find in a simpler way the first available policy ID?

nilmoe
New Contributor II

Hi,

on the FGT CLI you can create a new policy with the ID "0". This will always use a free ID slot in your policy set.

config firewall policy
    edit 0
    ...

Hope this helps.

Regards
Nils

kgeorge

Welcome and my pleasure.

As mentioned by Nils, "edit 0" will take the next available slot; that is, if Policy ID 15 is the highest/last one created, this "edit 0" will automatically take ID 16 for that new Firewall Policy.

And, there is no option to check the highest Policy ID directly on FortiGate; however, starting 7.0.2 (https://docs.fortinet.com/document/fortigate/7.0.0/new-features/862475/export-firewall-policy-list-t...) there is an option to export the Firewall Policies to CSV or JSON format and there, you can filter things accordingly and check.

Hope this helps.

Have a nice day!

Regards,
Klint George
Toshi_Esumi
Esteemed Contributor III

Just be aware that even if there are big holes in the middle, like skipping from "edit 1999" to "edit 3000", the "edit 0" doesn't find the one available like "edit 2000". It finds literally the highest+1 among all those policies.

Toshi
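For an automation script that wants either value the thread discusses (the highest used ID +1 that zsylamm asked for, which is also what "edit 0" allocates according to Nils, Klint and Toshi, and the first free gap that "edit 0" does not fill), the following added example parses a "show firewall policy" dump offline. It is not code from the thread or from Fortinet; the config text is constructed to match the "edit NNNN" fragment quoted above, the function names are the example's own, and the "edit 0" behaviour it mirrors is taken from the replies rather than verified against a device.

```python
import re
from typing import Iterable, List

# Constructed sample shaped like the "show firewall policy" fragment quoted in the
# thread (the IDs 1445, 1446, 200201, 200202 are the ones zsylamm listed).
SAMPLE_POLICY_OUTPUT = """\
config firewall policy
    edit 1445
        set name "dns-out"
        set action accept
    next
    edit 1446
        set name "web-out"
        set action accept
    next
    edit 200201
        set name "mgmt-in"
        set action accept
    next
    edit 200202
        set name "backup-out"
        set action accept
    next
end
"""

# Constructed full-config sample: other tables (here 'config router static') also use
# numeric "edit N" entries, so the policy table has to be isolated before counting.
SAMPLE_FULL_CONFIG = """\
config router static
    edit 5
        set gateway 192.0.2.1
    next
end
""" + SAMPLE_POLICY_OUTPUT

# Only bare "edit <number>" lines; named tables use edit "quoted-name" and are skipped.
_EDIT_RE = re.compile(r"^\s*edit\s+(\d+)\s*$", re.MULTILINE)


def firewall_policy_section(full_config: str) -> str:
    """Return only the 'config firewall policy' ... 'end' block of a config dump.

    Nesting is tracked by counting 'config'/'end' lines so that the 'end' of a
    sub-table nested inside a policy entry does not terminate the block early.
    """
    out: List[str] = []
    depth = 0
    inside = False
    for line in full_config.splitlines():
        stripped = line.strip()
        if not inside:
            if stripped == "config firewall policy":
                inside = True
                depth = 1
                out.append(line)
            continue
        out.append(line)
        if stripped.startswith("config "):
            depth += 1
        elif stripped == "end":
            depth -= 1
            if depth == 0:
                break
    return "\n".join(out)


def policy_ids(policy_section: str) -> List[int]:
    """Sorted, de-duplicated numeric policy IDs taken from the 'edit N' lines."""
    return sorted({int(m.group(1)) for m in _EDIT_RE.finditer(policy_section)})


def next_id_as_edit_zero_would(ids: Iterable[int]) -> int:
    """Highest existing ID + 1, which is what the thread says 'edit 0' allocates.

    Returning 1 for an empty table is this example's assumption, not documented behaviour.
    """
    ids = list(ids)
    return max(ids) + 1 if ids else 1


def first_free_id(ids: Iterable[int], start: int = 1) -> int:
    """Lowest unused ID >= start, i.e. the first gap that 'edit 0' would skip over."""
    used = set(ids)
    candidate = start
    while candidate in used:
        candidate += 1
    return candidate


if __name__ == "__main__":
    ids = policy_ids(firewall_policy_section(SAMPLE_FULL_CONFIG))
    print("policy IDs:", ids)
    print("'edit 0' would allocate:", next_id_as_edit_zero_would(ids))
    print("first free ID:", first_free_id(ids))
    print("first free ID at or above 1445:", first_free_id(ids, 1445))
```

Run it against the text of `show firewall policy` captured from the target VDOM; the section filter matters when the input is a full `show` or backup, because routing and other tables also use numeric `edit` keys. With Toshi's example of IDs 1999 and 3000, `next_id_as_edit_zero_would` gives 3001 while `first_free_id(..., 1999)` gives 2000, so a provisioning script that wants to reuse gaps has to pick the ID itself instead of relying on `edit 0`.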
