
New Features

UUID field added to all policy types


UUID field added to all policy types

The UUID field has been added to all policy types, including multicast, local-in (IPv4 and IPv6), and central SNAT policies. FortiOS generates the UUID automatically when the policy is created, so it is not part of the configuration you enter in step 1 of the examples below; it appears as a set uuid line in the output of the show command in the CLI.

A comments field has also been added for multicast policies.

To view the UUID for a multicast policy:
  1. Create a policy:
    config firewall multicast-policy
        edit 1
            set comments "multicast-policy-1"
            set logtraffic enable
            set srcintf "wan1"
            set dstintf "wan2"
            set srcaddr "all"
            set dstaddr "230-0-0-1" "test-multicast-addr-1"
            set snat enable
            set snat-ip 10.1.100.188
            set dnat 229.1.2.19
            set auto-asic-offload disable
        next
    end
  2. Use the show command to see the UUID:
    # show firewall multicast-policy
    config firewall multicast-policy
        edit 1
            set uuid d0f74f64-fc41-51e9-2dfc-729f027e9979
            set comments "multicast-policy-1"
            set logtraffic enable
            set srcintf "wan1"
            set dstintf "wan2"
            set srcaddr "all"
            set dstaddr "230-0-0-1" "test-multicast-addr-1"
            set snat enable
            set snat-ip 10.1.100.188
            set dnat 229.1.2.19
            set auto-asic-offload disable
        next
    end
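To view the UUID for an IPv4 or IPv6 local-in policy (the example uses the IPv4 table; IPv6 local-in policies are configured under config firewall local-in-policy6):
  1. Create a policy. The values are examples only: a local-in policy governs traffic addressed to the FortiGate itself, and this one accepts PING on wan1 from any source, so restrict srcaddr in a production configuration: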
    config firewall local-in-policy
        edit 1
            set intf "wan1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set service "PING"
            set schedule "always"
            set comments "test-1"
        next
    end
  2. Use the show command to see the UUID:
    # show firewall local-in-policy
    config firewall local-in-policy
        edit 1
            set uuid 1aeb7d98-0016-51ea-7913-b6d62f4409cd
            set intf "wan1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set service "PING"
            set schedule "always"
            set comments "test-1"
        next
    end
To view the UUID for a central SNAT policy:
  1. Create a policy:
    config firewall central-snat-map
        edit 1
            set srcintf "wan2"
            set dstintf "wan1"
            set orig-addr "all"
            set dst-addr "all"
            set orig-port 11111
            set nat-ippool "Overload-ippool-1"
            set nat-port 22222
        next
    end
  2. Use the show command to see the UUID:
    # show firewall central-snat-map
    config firewall central-snat-map
        edit 1
            set uuid d0f87af6-fc41-51e9-ef72-32f8655f8008
            set srcintf "wan2"
            set dstintf "wan1"
            set orig-addr "all"
            set dst-addr "all"
            set orig-port 11111
            set nat-ippool "Overload-ippool-1"
            set nat-port 22222
        next
    end

UUID field added to all policy types

The UUID field has been added to all policy types, including multicast, local-in (IPv4 and IPv6), and central SNAT policies. FortiOS generates the UUID automatically when the policy is created, so it is not part of the configuration you enter in step 1 of the examples below; it appears as a set uuid line in the output of the show command in the CLI.

A comments field has also been added for multicast policies.

To view the UUID for a multicast policy:
  1. Create a policy:
    config firewall multicast-policy
        edit 1
            set comments "multicast-policy-1"
            set logtraffic enable
            set srcintf "wan1"
            set dstintf "wan2"
            set srcaddr "all"
            set dstaddr "230-0-0-1" "test-multicast-addr-1"
            set snat enable
            set snat-ip 10.1.100.188
            set dnat 229.1.2.19
            set auto-asic-offload disable
        next
    end
  2. Use the show command to see the UUID:
    # show firewall multicast-policy
    config firewall multicast-policy
        edit 1
            set uuid d0f74f64-fc41-51e9-2dfc-729f027e9979
            set comments "multicast-policy-1"
            set logtraffic enable
            set srcintf "wan1"
            set dstintf "wan2"
            set srcaddr "all"
            set dstaddr "230-0-0-1" "test-multicast-addr-1"
            set snat enable
            set snat-ip 10.1.100.188
            set dnat 229.1.2.19
            set auto-asic-offload disable
        next
    end
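To view the UUID for an IPv4 or IPv6 local-in policy (the example uses the IPv4 table; IPv6 local-in policies are configured under config firewall local-in-policy6):
  1. Create a policy. The values are examples only: a local-in policy governs traffic addressed to the FortiGate itself, and this one accepts PING on wan1 from any source, so restrict srcaddr in a production configuration: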
    config firewall local-in-policy
        edit 1
            set intf "wan1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set service "PING"
            set schedule "always"
            set comments "test-1"
        next
    end
  2. Use the show command to see the UUID:
    # show firewall local-in-policy
    config firewall local-in-policy
        edit 1
            set uuid 1aeb7d98-0016-51ea-7913-b6d62f4409cd
            set intf "wan1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set service "PING"
            set schedule "always"
            set comments "test-1"
        next
    end
To view the UUID for a central SNAT policy:
  1. Create a policy:
    config firewall central-snat-map
        edit 1
            set srcintf "wan2"
            set dstintf "wan1"
            set orig-addr "all"
            set dst-addr "all"
            set orig-port 11111
            set nat-ippool "Overload-ippool-1"
            set nat-port 22222
        next
    end
  2. Use the show command to see the UUID:
    # show firewall central-snat-map
    config firewall central-snat-map
        edit 1
            set uuid d0f87af6-fc41-51e9-ef72-32f8655f8008
            set srcintf "wan2"
            set dstintf "wan1"
            set orig-addr "all"
            set dst-addr "all"
            set orig-port 11111
            set nat-ippool "Overload-ippool-1"
            set nat-port 22222
        next
    end