FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rmetzger
Staff
Staff
Article Id 198112
Description
Certain FortiGate configuration objects can be renamed by using the CLI command "rename".
Scope
Example provided in FortiOS 4.0MR2

Solution
The following commands can be used to check whether an object can be renamed.  The "?" command is used to show the list of all available sub-commands in a particular context.

FGT# config firewall address
FGT(address) #  ?

edit      add/edit a table value
delete    delete a table value
purge     clear all table value
rename    rename a table entry                < rename is available
get       get dynamic and system information
show      show configuration
end       end and save last config

If the "rename" option does not appear in the list of sub-commands, the given object cannot be renamed (such as in FortiOS 4.0MR2 : VPN phase1, interface names, firewall policy index, static route and policy based route index).

The rename command can then be used as shown below.

FGT(address) # rename <old_name> to <new_name>

The following example shows how to change the name of a firewall address, a firewall address group, and an AV protection profile.
 
1.  Object used in a Firewall Policy and addrgrp configuration before the changes.
FGT# show  firewall policy 3
config firewall policy
    edit 3
        set srcintf "dmz"
        set dstintf "internal"
            set srcaddr "src_addr_before"
            set dstaddr "dst_addr_group_before"
        set action accept
        set utm-status enable
        set schedule "always"
            set service "ANY"
        set av-profile "av_profile_before"
        set profile-protocol-options "proto_options_before"
    next
end

FGT# sho firewall addrgrp
config firewall addrgrp
    edit "dst_addr_group_before"
            set member "address_before"
    next
end

2.  Rename objects.
FGT# config firewall address
FGT(address) # rename src_addr_before to src_addr_after
FGT(address) # end

FGT# config firewall addrgrp
FGT(addrgrp) # rename dst_addr_group_before to dst_addr_group_after
FGT(addrgrp) # end

FGT# config antivirus profile
FGT(profile) # rename av_profile_before to  av_profile_after
FGT(profile) # end

FGT# config firewall profile-protocol-options
FGT(profile-protoc~l) # rename proto_options_before to proto_options_after
FGT(profile-protoc~l) # end

3.  Verify object used in a Firewall Policy and addrgrp configuration after the changes.
FGT# show  firewall policy 3
config firewall policy
    edit 3
        set srcintf "dmz"
        set dstintf "internal"
            set srcaddr "src_addr_after"
            set dstaddr "dst_addr_group_after"
        set action accept
        set utm-status enable
        set schedule "always"
            set service "ANY"
        set av-profile "av_profile_after"
        set profile-protocol-options "proto_options_after"
    next
end

FGT# sho firewall addrgrp
config firewall addrgrp
    edit "dst_addr_group_after"
            set member "address_after"
    next
end

Contributors