Check Where Firewall Objects are Used

Author
Steven Lengua
2014/09/15 13:22:49 (permalink)

I'm a Checkpoint Firewall guy. Yes, I know this is the wrong way to start a Fortinet forum post...haha. In the Checkpoint Firewall you could right click on a firewall object and it would show you where in the policy this object is used.

Is there an equivalent feature within the Fortinet Fortigate 600C? I have a list of firewall objects but have to dig through the policy to see where the objects are used. Yeppers, I'm new to Fortinet.

Thanks!
#1
Christopher McMullan_FTNT
RE: Check Where Firewall Objects are Used 2014/09/15 13:30:39 (permalink)
Hello Steven,

Whoever owned a firewall before Fortinet was founded needed to start at some point by saying "I'm a [other vendor] guy". No worries there.

Most object pages in the GUI (addresses, VIPs, schedules, etc.) can have a column added to show References. Clicking on these hyperlinks will show you which policies and other objects reference each other.

There is a way to view the same information in the CLI, though there isn't a full table of possible values, AFAIK. The syntax for me has been guesswork:
diag sys checkused path.object.mkey

For example, for the WAN1 interface on one of my firewalls:
FortiMcWiFi # diag sys checkused system.interface.name wan1
entry used by table system.interface:name 'FCT_IPSec'
entry used by table system.interface:name 'FortinetVPN'
entry used by child table dashboard:id '43' of table system.admin:name 'admin'
entry used by child table monitor-interface:interface-name 'wan1' of table system.ddns:ddnsid '1'
entry used by complex system.modem:interface
entry used by table vpn.ipsec.phase1:name 'policy_test'
entry used by table vpn.ipsec.phase1-interface:name 'FCT_IPSec'
entry used by table vpn.ipsec.phase1-interface:name 'FortinetVPN'
entry used by table firewall.vip:name 'McPLEX_TCP'
entry used by table firewall.vip:name 'McPLEX_UDP'
entry used by table firewall.vip:name 'PBX - HTTP_XML'
entry used by table firewall.vip:name 'PBX - SIP'
entry used by table firewall.vip:name 'PBX - TFTP'
entry used by table firewall.vip:name 'RTP - 6100'
entry used by table firewall.vip:name 'RTP - 6102'
entry used by table firewall.vip:name 'RTP - 6104'
entry used by table firewall.vip:name 'RTP - 6106'
entry used by table firewall.vip:name 'RTP - 6108'
entry used by table firewall.vip:name 'RTP - 6110'
entry used by table firewall.vip:name 'RTP - 6112'
entry used by table firewall.vip:name 'RTP - 6114'
entry used by table firewall.vip:name 'michael_rdp'
entry used by table firewall.vipgrp:name 'McPLEX_VIP'
entry used by table firewall.vipgrp:name 'PBX'
entry used by child table srcintf:name 'wan1' of table firewall.policy:policyid '31'
...
etc.
< Message edited by Christopher McMullan -- 9/15/2014 1:31:35 PM >

Regards,
Chris McMullan
Fortinet Ottawa
#2
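Added example, not part of the original post and not Fortinet tooling: a small Python parser for output in the format pasted in the reply above, grouping references by the table that holds them so the dependencies of an object can be reviewed before it is changed or deleted. The sample lines are constructed, and only the three line shapes visible in the post are handled (an assumption about the format); anything else is returned as unparsed instead of being dropped.

```python
import re
from collections import defaultdict

# Constructed sample in the format shown in the post (object names are made up).
SAMPLE = """\
entry used by table system.interface:name 'ExampleVPN'
entry used by child table monitor-interface:interface-name 'wan1' of table system.ddns:ddnsid '1'
entry used by complex system.modem:interface
entry used by table firewall.vip:name 'Example - HTTP'
entry used by table firewall.vipgrp:name 'ExampleGroup'
entry used by child table srcintf:name 'wan1' of table firewall.policy:policyid '31'
"""

# The three line shapes visible in the post; others are treated as unknown.
TABLE = re.compile(r"^entry used by table (?P<table>[\w.-]+):[\w-]+ '(?P<value>.*)'$")
CHILD = re.compile(r"^entry used by child table (?P<child>[\w.-]+):[\w-]+ '.*'"
                   r" of table (?P<table>[\w.-]+):[\w-]+ '(?P<value>.*)'$")
COMPLEX = re.compile(r"^entry used by complex (?P<table>[\w.-]+):(?P<field>[\w-]+)$")

def parse_checkused(text):
    """Return (refs, unparsed); refs maps table -> [(entry key value, via)]."""
    refs, unparsed = defaultdict(list), []
    for line in map(str.strip, text.splitlines()):
        if not line:
            continue
        if m := CHILD.match(line):
            # Referenced from a sub-table (e.g. srcintf) of the parent entry.
            refs[m["table"]].append((m["value"].strip(), m["child"]))
        elif m := TABLE.match(line):
            refs[m["table"]].append((m["value"].strip(), None))
        elif m := COMPLEX.match(line):
            # Single-instance config section: no entry key, only a field name.
            refs[m["table"]].append((None, m["field"]))
        else:
            unparsed.append(line)  # keep for manual review, never discard
    return dict(refs), unparsed

def policy_ids(refs):
    """Firewall policy IDs that reference the object, sorted numerically."""
    return sorted({int(v) for v, _ in refs.get("firewall.policy", []) if v and v.isdigit()})

if __name__ == "__main__":
    refs, unparsed = parse_checkused(SAMPLE)
    for table, entries in sorted(refs.items()):
        print(f"{table}: {entries}")
    print("policies:", policy_ids(refs), "| unparsed:", unparsed)
```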
jorge9090
RE: Check Where Firewall Objects are Used 2014/09/15 13:50:23 (permalink)
Go to the Firewall objects and enable the "Ref." column, there you will see where it is used.
#3
rwpatterson
RE: Check Where Firewall Objects are Used 2014/09/16 05:06:50 (permalink)
Technically, it will show you in how many places it's used. When you drill further down (click on the link), it will tell you where it's being used.

-Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

-4.3.19-b0694
FWF60B
FWF80CM (4)
FWF81CM (2)
 
#4
Steven Lengua
RE: Check Where Firewall Objects are Used 2014/09/16 10:00:34 (permalink)
Awesome!! These suggestions are just what I needed. The reference column did the trick. Think I'm starting to like this firewall.
#5
bommi
Re: RE: Check Where Firewall Objects are Used 2019/06/18 13:17:31 (permalink)
Buy a FortiManager and you will get your "Where used" feature ;-)
#6