FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Jonathan_Body_FTNT
Article Id 193232
Description

This article explains how to maintain FortiGate Firewall policy rule number sequencing when using import scripts.


Scope

All FortiOS versions.


Solution
Connect to the CLI of the FortiGate. To add a new firewall policy rule, create it with an ID of "0"; FortiOS then assigns it the next available rule number, as the session below shows.
FG300B3908606491 # config firewall policy
FG300B3908606491 (policy) # edit 0 -----> put 0
new entry '0' added
FG300B3908606491 (0) # set srcintf port3
FG300B3908606491 (0) # set dstintf port2
FG300B3908606491 (0) # set srcaddr all
FG300B3908606491 (0) # set dstaddr all
FG300B3908606491 (0) # set service ANY
FG300B3908606491 (0) # set schedule always
FG300B3908606491 (0) # show
config firewall policy
edit 7 -------------> ID 7 has been given to this policy
set srcintf "port3"
set dstintf "port2"
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ANY"
next
end
FG300B3908606491 (0) # next
FG300B3908606491 (policy) #
When using an import script, always set the rule number of every new policy to "0" so that FortiOS assigns the IDs itself and its sequencing is respected when the script runs. Hard-coding an ID in the script would instead edit whichever existing policy already carries that number.
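As an added example (not part of this article or of Fortinet's tooling), a small Python generator that emits an import script in the form shown above, with every policy written as `edit 0`, plus a check that flags any hard-coded policy ID before the script is pushed. The rule set, interface and address names, and the `hardcoded_ids` helper are constructed for illustration.

```python
"""Generate a FortiOS CLI import script that lets the firewall assign policy IDs.

Each rule is emitted as `edit 0` so FortiOS picks the next free ID, as the
article describes. `check_import_script` flags any hard-coded ID, which would
modify an existing policy with that number on the target unit.
"""
import re

# Constructed sample rule set; interface and address names are placeholders.
RULES = [
    {"srcintf": "port3", "dstintf": "port2", "srcaddr": "all",
     "dstaddr": "all", "service": "ANY", "schedule": "always"},
    {"srcintf": "port3", "dstintf": "port2", "srcaddr": "all",
     "dstaddr": "all", "service": "HTTPS", "schedule": "always"},
]

FIELDS = ("srcintf", "dstintf", "srcaddr", "dstaddr", "schedule", "service")


def render_policy(rule):
    # Always `edit 0`: FortiOS assigns the next available rule number.
    lines = ["    edit 0"]
    for field in FIELDS:
        lines.append(f'        set {field} "{rule[field]}"')
    lines.append("    next")
    return lines


def render_import_script(rules):
    lines = ["config firewall policy"]
    for rule in rules:
        lines.extend(render_policy(rule))
    lines.append("end")
    return "\n".join(lines) + "\n"


EDIT_RE = re.compile(r"^\s*edit\s+(\d+)\s*$", re.M)


def hardcoded_ids(script):
    """Return every non-zero policy ID found in `edit N` lines (should be empty)."""
    return [int(m.group(1)) for m in EDIT_RE.finditer(script) if m.group(1) != "0"]


def check_import_script(script):
    """True when every policy in the script uses `edit 0`."""
    return not hardcoded_ids(script)


if __name__ == "__main__":
    script = render_import_script(RULES)
    print(script)
    print("ok" if check_import_script(script) else "hard-coded IDs found")
```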