How to find out unused policies running on Fortinet Firewall?

--> If you want to find out which policies on your Fortinet firewall are unused or no longer needed, there are three ways to do it.

1) On Policy Section

--> First of all, you need to add a new column "Hit Count" under Policy & Objects -> IPv4 Policy.

--> The hit count increases whenever traffic matches the rule on the firewall.

--> By default, when the firewall is configured for the first time or rebooted, all the hit counters are set to zero.

--> All unused policies on the Fortinet firewall will therefore show a hit count of zero.



--> You can also add the "Last Used" column to the policy list to check when the rule last matched traffic on the firewall.
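To turn the Hit Count and Last Used columns into a review list, here is an added example (not part of the original post) that classifies policies from hit-count records. It assumes the records are shaped like the per-policy output of the FortiOS REST monitor endpoint /api/v2/monitor/firewall/policy (policyid, hit_count, last_used as a Unix timestamp); the sample data and the thresholds are constructed, and it treats a zero hit count as inconclusive when the counters were reset (reboot or initial configuration) too recently.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real firewall output). The field names
# follow the FortiOS monitor API /api/v2/monitor/firewall/policy; treat that
# mapping as an assumption of this example.
SAMPLE_POLICIES = [
    {"policyid": 1, "name": "LAN-to-WAN",     "hit_count": 18234, "last_used": 1_717_000_000},
    {"policyid": 2, "name": "Old-VPN-Access", "hit_count": 0,     "last_used": 0},
    {"policyid": 3, "name": "DMZ-Web",        "hit_count": 41,    "last_used": 1_700_000_000},
]

def classify_policies(policies, counters_since, now=None,
                      stale_after=timedelta(days=30), min_window=timedelta(days=14)):
    """Return {policyid: status}, status in 'active', 'stale', 'unused', 'inconclusive'.

    counters_since: when the hit counters were last reset (last reboot or
    first configuration). A zero hit count observed over a window shorter
    than min_window proves nothing, so such policies are 'inconclusive'.
    """
    now = now or datetime.now(timezone.utc)
    window = now - counters_since
    result = {}
    for p in policies:
        if p.get("hit_count", 0) == 0:
            result[p["policyid"]] = "unused" if window >= min_window else "inconclusive"
            continue
        last = datetime.fromtimestamp(p["last_used"], tz=timezone.utc)
        result[p["policyid"]] = "stale" if now - last > stale_after else "active"
    return result

def demo(window_days=60):
    """Classify the constructed sample with a fixed 'now' and reset time."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    return classify_policies(SAMPLE_POLICIES, now - timedelta(days=window_days), now)

def report(policies, counters_since, now=None):
    """Print one line per policy so the candidates can be reviewed."""
    statuses = classify_policies(policies, counters_since, now)
    names = {p["policyid"]: p["name"] for p in policies}
    for pid in sorted(statuses):
        print(f"policy {pid:>4}  {names[pid]:<16} {statuses[pid]}")

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    report(SAMPLE_POLICIES, counters_since=now - timedelta(days=60), now=now)
```

A policy flagged "unused" or "stale" is a candidate for review, not for deletion on its own; confirm that the observation window covers the traffic patterns (month-end jobs, DR tests) the rule was written for.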



2) Security Fabric

--> By running the Security Audit in the Security Fabric section of the Fortinet firewall we can find out which policies are not being used on the firewall.

--> In FortiOS 6.0, it is called Security Rating.



3) FortiManager Policy Check

--> We can run a "Policy Check" on a policy package in FortiManager, which identifies policies that are "shadowed" (never reached because an earlier policy already matches the same traffic) and are therefore redundant, since they will never match traffic.

--> To run Policy Check in FortiManager, navigate to FortiGate ADOM > Policy Packages > Policy Package > Policy Check.


Ref: Fortinet.com

Md.Kareemoddin

CCIE # 54759
