FortiGate
vrajendran
Staff
Article Id 197062

Description

 

This article describes a method to count the total number of firewall policies on a FortiGate.

The CLI commands listed below display the total number of policies and how many of them are enabled or disabled.

Scope

 
FortiOS firmware (all versions).


Solution

 

Appending the command modifier '| grep' to a command instructs the firewall to 'search for' the text that follows in the command's output (in quotes if multiple words are used).

Adding the '-c' option to grep instructs the firewall to only 'count' the matching lines instead of displaying them.


The command to count the total number of firewall policies:

 

sh full-configuration firewall policy | grep -c 'set status'

 

To count enabled firewall policies:

 

sh full-configuration firewall policy | grep -c 'set status enable'

 

To count disabled firewall policies:

 

sh full-configuration firewall policy | grep -c 'set status disable'

 

The same technique can be applied to all configuration contexts, not only to firewall policies.

Note: this only works per VDOM, and does not display a summary of all VDOMs. To see the output from another VDOM, that VDOM needs to be entered first.
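
For audits across several VDOMs, the same count can be taken offline from saved command output. The following is an added example, not part of the original article or Fortinet code: it counts one status per policy entry and sums the per-VDOM results. The VDOM names and policy entries are constructed, and it assumes the output of each VDOM was saved as text. Because grep matches the text anywhere on a line, a policy comment containing 'set status' inflates the grep count; the parser below avoids that.

```python
import re

STATUS_RE = re.compile(r"set status (enable|disable)$")

def grep_c(pattern, text):
    """Mimic '| grep -c': count lines that contain the pattern anywhere."""
    return sum(pattern in line for line in text.splitlines())

def count_policies(show_output):
    """Count policies per 'edit' entry in saved show output for one VDOM."""
    counts = {"total": 0, "enable": 0, "disable": 0}
    depth, in_table, in_entry, status = 0, False, False, None
    for raw in show_output.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_table = (line == "config firewall policy")
        elif line == "end":
            depth -= 1
        elif not in_table or depth != 1:
            continue  # skip nested sub-tables and other config sections
        elif line.startswith("edit "):
            # Assumption: a policy with no explicit status line is enabled
            in_entry, status = True, "enable"
        elif line == "next" and in_entry:
            counts["total"] += 1
            counts[status] += 1
            in_entry = False
        elif in_entry and (m := STATUS_RE.match(line)):
            status = m.group(1)
    return counts

def count_all_vdoms(outputs):
    """Sum per-VDOM counts; 'outputs' maps VDOM name -> saved show output."""
    total = {"total": 0, "enable": 0, "disable": 0}
    for text in outputs.values():
        for key, n in count_policies(text).items():
            total[key] += n
    return total

# Constructed sample output (hypothetical VDOMs and policies)
ROOT = ('config firewall policy\n    edit 1\n        set status enable\n'
        '        set comments "set status disable after migration"\n    next\n'
        '    edit 2\n        set status disable\n    next\nend\n')
DMZ = 'config firewall policy\n    edit 1\n        set status enable\n    next\nend\n'

if __name__ == "__main__":
    print("grep -c 'set status' on root:", grep_c("set status", ROOT))
    print("all VDOMs:", count_all_vdoms({"root": ROOT, "dmz": DMZ}))
```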