Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
joh2k
New Contributor III

fortigate simulation tool

Hello everyone,

 

Is there a simulation tool in FortiGate  where

1) you provide a source ip/port and a destination ip/port and service (maybe more parameters)

2) the tool returns you what policy, security profiles, etc and actions would be applied acoording to the current settings?

 

Thanks for your help,

 

 

1 Solution
abarushka
Staff
Staff

Hello,

 

It exists and it is built-in in FortiOS (CLI/GUI). Please find the details about CLI tool following the link below:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Trace-which-firewall-policy-will-match-bas...

 

Please find the details about GUI tool following the link below:

https://docs.fortinet.com/document/fortigate/7.0.5/administration-guide/497952/policy-views-and-poli...

FortiGate

View solution in original post

4 REPLIES 4
abarushka
Staff
Staff

Hello,

 

It exists and it is built-in in FortiOS (CLI/GUI). Please find the details about CLI tool following the link below:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Trace-which-firewall-policy-will-match-bas...

 

Please find the details about GUI tool following the link below:

https://docs.fortinet.com/document/fortigate/7.0.5/administration-guide/497952/policy-views-and-poli...

FortiGate
joh2k
New Contributor III

Thanks. I get "Unkonwn action 0"

Fortigate1 $ diag firewall iprope lookup 10.187.1.100 12345 8.8.8.8 53 udp port2
Unknown action 0

Maybe I need to be administrator? I am on a readonly user

Debbie_FTNT

Hey joh2k,

 

yes, for the whole 'diagnose' commands you need to be an administrator; the diagnose commands can be pretty powerful and are thus locked behind admin privileges.

 

I believe you might still be able to use the policy lookup tool in FortiGate GUI though, as long as you have read permissions for that.

The administration guide link my colleague provided above contains a section about the Policy Lookup tool in FortiGate GUI.

 

I hope this helps!

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
abarushka

Hello,

 

I tested in the lab (7.2.4 GA read-only admin). GUI and CLI worked just fine for me. Do you use VDOMs? Did you have a chance to check GUI?

FortiGate
Labels
Top Kudoed Authors