Created on 08-30-2020 01:52 PM Edited on 09-21-2023 11:50 PM By Jean-Philippe_P
Description
This article explains how to change the order of entries in the IPv4, traffic shaping, local-in and SD-WAN policy lists in the CLI.
Scope
FortiGate.
Solution
It is possible to change the policy order in the IPv4 list by dragging items in the GUI, or by entering the CLI commands outlined in this article. Moving a policy changes only its position in the list; its ID number does not change.
For example, to move policy 10 before or after policy 30, enter the following command:
config firewall policy
move 10 <'before' or 'after'> 30
end
The move subcommand is available only in tables where the order of entries affects how they function. The same process can be used to manage traffic shaping, local-in, and SD-WAN policies.
See the attached console logs for information about lab tests demonstrating policy order changes.
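Because position in the list, not the policy ID, determines evaluation order, it is useful to check the order in a configuration export before and after a move. The following Python code is an added example, not part of the original article or any Fortinet tooling: it reads the order from constructed `show firewall policy`-style text, simulates `move`, and lists the move commands needed to reach a desired order. The function names and the sample configuration are assumptions.

```python
# Constructed sample in the style of `show firewall policy` output (not from the article).
# Entries appear in list order, which is independent of the policy ID.
SAMPLE = """\
config firewall policy
    edit 30
        set name "allow-all-out"
    next
    edit 20
        set name "dns"
    next
    edit 10
        set name "block-guest"
    next
end
"""

def policy_order(config_text):
    """Return policy IDs in the order they appear in the table."""
    order, depth = [], 0
    for line in config_text.splitlines():
        tok = line.split() or [""]
        if tok[0] == "config":
            depth += 1
        elif tok[0] == "end":
            depth -= 1
        elif tok[0] == "edit" and depth == 1:  # ignore entries of nested tables
            order.append(int(tok[1]))
    return order

def apply_move(order, item, where, ref):
    """Simulate `move <item> before|after <ref>` on a list of IDs."""
    if where not in ("before", "after") or item == ref:
        raise ValueError("invalid move")
    out = [p for p in order if p != item]
    out.insert(out.index(ref) + (where == "after"), item)
    return out

def plan_moves(current, desired):
    """Return move commands that reorder `current` into `desired`."""
    if sorted(current) != sorted(desired):
        raise ValueError("both lists must contain the same policy IDs")
    cmds, state = [], list(current)
    # Work from the bottom up: place each ID directly before its successor.
    for i in range(len(desired) - 2, -1, -1):
        item, ref = desired[i], desired[i + 1]
        if state.index(item) + 1 != state.index(ref):
            state = apply_move(state, item, "before", ref)
            cmds.append(f"move {item} before {ref}")
    return cmds
```

The returned commands are meant to be entered between `config firewall policy` and `end`, and the resulting order re-checked from a fresh export.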
If multiple VIP entries are configured, their order can be changed through the CLI with the following commands:
config firewall vip
move <VIP NAME> [before/after] <VIP NAME>
end
After running the commands:
The move command also applies to Dynamic Port Policies. These policies are processed sequentially, just like firewall policies. However, they cannot be reordered by dragging and dropping in the GUI; the change must be made in the CLI. The example below shows how to move policy 'User1' above 'Other users' as it is more specific:
To move URL filter entries, for example to move entry 2 before entry 1:
config webfilter urlfilter
edit <>
config entries
move 2 before 1
end
next
end