Next Generation Firewall (NGFW)


Fortigate Firewall Policy Export

  • 1.  Fortigate Firewall Policy Export

    Posted Dec 20, 2016 07:12 AM

    Hello,

    I am looking for a way to export the policies from my Fortigate into a user readable format so that we can perform an internal audit to ensure that all of our active policies are actually needed.  Has anyone seen a way to do this?

    If there is no native tool I will have to copy the policies out of the config file and generate a script that can parse through the text to output it to CSV or other usable format.  But I would rather not reinvent the wheel.

    Thanks

     

     



  • 2.  RE: Fortigate Firewall Policy Export

    Posted Dec 21, 2016 07:06 AM

    Try it: https://github.com/Fatal-Halt/FortiGate-Config-Parser

     

    Regards,

    Paulo Raponi, NSE8



  • 3.  RE: Fortigate Firewall Policy Export

    Posted Jan 04, 2017 03:08 AM

    Hi,

    The firewall policy can be found in human-readable format in the FortiGate's configuration. It is under the "config firewall policy" section and it is a series of commands in the following syntax:

    config firewall policy
    edit

    next

    edit

    ...

    ...

    next

    ...
    end

    You can retrieve the whole firewall policy as a text file by issuing a "show" command under config firewall policy and then parse it as you wish. I don't know of any parsing tool, but I'm sure there are some on the net.

     

    Regards

    Andreas
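
The export-and-parse approach described in the post above, as an added example that is not part of the original thread and is not code from the linked parser project: it reads saved "show" output offline and turns each policy entry into one CSV row for the audit. The names `FIELDS`, `SAMPLE`, `parse_policies` and `to_csv` and the sample policies are assumptions made for this example; settings that do not appear in the export are left blank rather than guessed.

```python
import csv
import io
import shlex

# Audit columns chosen for this example, and a constructed sample of "show" output.
FIELDS = ["id", "name", "status", "srcaddr", "service", "action", "comments"]
SAMPLE = """\
config firewall policy
    edit 1
        set name "lan-to-wan"
        set srcaddr "all"
        set action accept
        set service "HTTP" "HTTPS"
    next
    edit 7
        set name "old vendor access"
        set status disable
        set comments "temp, remove after migration"
    next
end
"""

def parse_policies(config_text):
    """Return one dict per edit entry of the 'config firewall policy' section."""
    policies, current, depth = [], None, 0
    for line in config_text.splitlines():
        try:
            tokens = shlex.split(line)  # keeps quoted multi-word values together
        except ValueError:              # unbalanced quote: value spans several lines
            tokens = line.split()
        if not tokens:
            continue
        if depth == 0:                  # outside the section: wait for its header
            depth = int(tokens == ["config", "firewall", "policy"])
        elif tokens[0] in ("config", "end"):
            depth += 1 if tokens[0] == "config" else -1  # nested blocks are skipped
        elif depth == 1 and tokens[0] == "edit":
            current = {"id": " ".join(tokens[1:])}
            policies.append(current)
        elif depth == 1 and tokens[0] == "set" and current is not None and len(tokens) > 1:
            current[tokens[1]] = " ".join(tokens[2:])
    return policies

def to_csv(policies):
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, restval="", extrasaction="ignore")
    writer.writeheader()
    writer.writerows(policies)
    return out.getvalue()
```

Calling `to_csv(parse_policies(text))` on the contents of a saved export returns the CSV as a string; multi-valued settings such as `service` are joined with spaces in a single cell.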



  • 4.  RE: Fortigate Firewall Policy Export

    Posted Apr 15, 2020 09:06 AM

    And here's a KnowledgeBase article that spells out a clean way to do what you need:

    https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD33201&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=136844876&stateId=1%200%20136846255