Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Rathan_FTNT
Staff
Staff

Created on ‎08-15-2020 07:19 AM

Article Id 194590

Technical Tip: View the UUID in policy

Description
This article describes how to view the UUID in policy.



Scope
Reference from Mantis The UUID field has been added to all policy types, including multicast, local-in (IPv4 and IPv6), and central SNAT policies.
UUIDs are automatically generated by FortiOS when the policy is created and can be viewed in the CLI using the show command.

Solution
To view the UUID for a multicast policy.

Create a policy.
# config firewall multicast-policy
    edit 1
        set comments "multicast-policy-1"
        set logtraffic enable
        set srcintf "wan1"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "230-0-0-1" "test-multicast-addr-1"
        set snat enable
        set snat-ip 10.1.100.188
        set dnat 229.1.2.19
        set auto-asic-offload disable
    next
end
Use the show command to see the UUID.
# show firewall multicast-policy
# config firewall multicast-policy
    edit 1
        set uuid d0f74f64-fc41-51e9-2dfc-729f027e9979
        set comments "multicast-policy-1"
        set logtraffic enable
        set srcintf "wan1"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "230-0-0-1" "test-multicast-addr-1"
        set snat enable
        set snat-ip 10.1.100.188
        set dnat 229.1.2.19
        set auto-asic-offload disable
    next
end
To view the UUID for an IPv4 or IPv6 local-in policy.

Create a policy.
# config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "PING"
        set schedule "always"
        set comments "test-1"
    next
end
Use the show command to see the UUID.
# show firewall local-in-policy
# config firewall local-in-policy
    edit 1
        set uuid 1aeb7d98-0016-51ea-7913-b6d62f4409cd
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "PING"
        set schedule "always"
        set comments "test-1"
    next
end
To view the UUID for a central SNAT policy.

Create a policy.
# config firewall central-snat-map
    edit 1
        set srcintf "wan2"
        set dstintf "wan1"
        set orig-addr "all"
        set dst-addr "all"
        set orig-port 11111
        set nat-ippool "Overload-ippool-1"
        set nat-port 22222
    next
end
Use the show command to see the UUID.
# show firewall central-snat-map
# config firewall central-snat-map
    edit 1
        set uuid d0f87af6-fc41-51e9-ef72-32f8655f8008
        set srcintf "wan2"
        set dstintf "wan1"
        set orig-addr "all"
        set dst-addr "all"
        set orig-port 11111
        set nat-ippool "Overload-ippool-1"
        set nat-port 22222
    next
end

Labels:
8184
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.