Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
biltjc
New Contributor

Created on ‎10-28-2014 01:58 AM

Show Policy in CLI

Hello,

 

I used with Juniper to show a policy list based on search criterias.

I'd like to do the same with my fortigate but I don't find how to do.

 

I'm doing : get firewall policy

But the result is only ID's.

 

Is there a way to get policy ?

65549
0 Kudos
12 REPLIES 12
ede_pfau
SuperUser
SuperUser

Created on ‎10-28-2014 02:08 AM

Try 'show firewall policy | grep <something>' or even 'show full firewall policy | grep <something>'.

With newer versions of FortiOS grep can take options:

gate # show | grep -X
grep: invalid option -- X
Usage: grep [-invcABC] PATTERN
Options:
        -i      Ignore case distinctions
        -n      Print line number with output lines
        -v      Select non-matching lines
        -c      Only print count of matching lines
        -A      Print NUM lines of trailing context
        -B      Print NUM lines of leading context

        -C      Print NUM lines of output context


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
8745
0 Kudos
biltjc
New Contributor

Created on ‎10-28-2014 02:12 AM

Thank you for your reply.

 

grep find some lines in the policy but I only have 'set dstaddr server_A' by example.

How could I show the whole policy containing that server ?

Maybe is it impossible ?

8745
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎10-28-2014 02:18 AM

'grep' is not context sensitive - it doesn't know about how many lines belong to a policy. The best you can do is to use 'grep -C  20' or so to show 20 lines around the match.

 

If you need detailed inspection I recommend to download the config and load it in an editor. But that is not context aware neither.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
8745
0 Kudos
biltjc
New Contributor

Created on ‎10-28-2014 02:21 AM

I know what I can do or not now.

It's a pity there is no CLI function to get policy.

 

Thanks a lot for your help.

 

8745
0 Kudos
norouzi
Contributor

Created on ‎10-28-2014 04:59 AM

Do not compare Fortinet and Juniper ;)

Just kidding

 

In the CLI you can use "?" whenever you want.

show firewall policy

or:

 

config firewall policy

show

end

 

8745
0 Kudos
biltjc
New Contributor

Created on ‎10-28-2014 05:23 AM

Thank you for the tip norouzi

8745
0 Kudos
emnoc
Esteemed Contributor III

Created on ‎10-29-2014 12:00 AM

And if you the exact policy id# than you can do a "show firewall policy <the #>" . Yes it's similar to a juniper  but does not have the display set or match capabilities.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
8745
0 Kudos
SgtMalicious
New Contributor III

Created on ‎10-30-2014 01:26 PM

I had the same problem as you coming from ScreenOS. You may be interested in this: [link]https://forum.fortinet.com/tm.aspx?m=104633[/link]

8745
0 Kudos
amitkor
New Contributor

Created on ‎10-31-2014 10:14 AM

On the other hand, fortigate has better GUI ^^

8745
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.