I am looking for a way to export the policies from my Fortigate into a user readable format so that we can perform an internal audit to ensure that all of our active policies are actually needed. Has anyone seen a way to do this?
If there is no native tool I will have to copy the policies out of the config file and generate a script that can parse through the text to output it to CSV or other usable format. But I would rather not reinvent the wheel.
Try it: https://github.com/Fatal-Halt/FortiGate-Config-Parser
Paulo Raponi, NSE8
The firewall policy can be found in human readable format in the FortiGate's configuration. It is under the "config firewall policy" section and it is a series of commands in the following syntax:
config firewall policy
edit <policy-number>
......
You can retrieve the whole firewall policy as a text file by issuing a "show" command under config firewall policy, and then parse it as you wish. I don't know of any parsing tool, but I'm sure there are some on the net.
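A small parser for the "show" output described above, turning each policy into one CSV row for an audit. This is an added example, not part of the thread and not the code of the linked GitHub project; the sample config is constructed, and the defaults filled in for a missing status or action are an assumption about what "show" leaves out.

```python
import csv
import io
import shlex

# Constructed sample of "show" output (not taken from a real device).
SAMPLE = """config firewall policy
    edit 1
        set name "LAN to WAN"
        set srcintf "port1"
        set dstintf "wan1"
        set action accept
        set service "HTTP" "HTTPS"
    next
    edit 2
        set name "old-vendor"
        set status disable
    next
end
"""
COLUMNS = "id name status action srcintf dstintf srcaddr dstaddr service".split()

def parse_policies(text):
    """Return one dict per 'edit' entry directly under 'config firewall policy'."""
    policies, stack = [], []
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw)  # keeps quoted values with spaces intact
        except ValueError:          # unbalanced quote, e.g. a multi-line comment
            continue
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif stack and stack[-1] == "firewall policy":  # ignore nested sub-blocks
            if tok[0] == "edit" and len(tok) > 1:
                policies.append({"id": tok[1]})
            elif tok[0] == "set" and len(tok) > 1 and policies:
                policies[-1][tok[1]] = ";".join(tok[2:])  # multi-value fields
    return policies

def to_csv(policies):
    out = io.StringIO()
    writer = csv.DictWriter(out, COLUMNS, extrasaction="ignore")
    writer.writeheader()
    # Assumption: "show" omits defaults, so missing status = enable, action = deny.
    writer.writerows({"status": "enable", "action": "deny", **p} for p in policies)
    return out.getvalue()
```

For the audit, filtering the rows on status "enable" and action "accept" gives the list of policies that are actively passing traffic.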