Sunday, October 5, 2014

A few examples of how to do dependency checks on FortiGates

One of the biggest challenges with the FortiGate is the task of finding cross-linked tables, policies, addresses or groups. When deleting these items you have to be aware of any linking and follow all linked items. Here's a means of doing this from the command line.

Take a VIP. If we want to find what's linked to a VIP, we can use the diag sys checkused firewall.vip.name command, followed by the VIP's name.


As you can see, we have three linked firewall policies, IDs 123, 137 and 145.

How about an interface? The same logic applies; take the 3G modem on my local firewall:
 diag sys checkused system.interface.name modem


And the same goes for an address table entry:
 diag sys checkused firewall.address.name all




Now, in order to use the diag sys checkused command, you have to understand the table and its objects.

So basically the command is built from the path, the object and the key field (mkey) of the table, followed by the name of the actual entry. To find the table's field names, just append a question mark after the command on the CLI.


 For example, for an address group: firewall is the path, addrgrp is the object, name is the mkey, and then comes the actual group name.
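As an added example (not code from the original post), here is the path/object/mkey rule turned into a small Python helper: it composes the checkused command, parses the "entry used by table ..." result lines, and follows references transitively so every linked item is known before an object is deleted. The result line format, the object names web_vip, srv1 and servers, and the sample CLI session are assumptions; the three policy IDs mirror the VIP result above.

```python
import re

# Assumed format of one result line: entry used by table firewall.policy:policyid '123'
_USED_BY = re.compile(r"entry used by table (\S+?)\.(\S+?):(\S+?) '([^']*)'")

def checkused_cmd(path, obj, mkey, value):
    """Compose 'diag sys checkused <path>.<object>.<mkey> <value>'."""
    for part in (path, obj, mkey):
        if not re.fullmatch(r"[A-Za-z0-9_.-]+", part):
            raise ValueError(f"invalid command component: {part!r}")
    return f"diag sys checkused {path}.{obj}.{mkey} {value}"

def parse_checkused(output):
    """Return a (path, object, mkey, value) tuple per referencing entry."""
    return [m.groups() for m in map(_USED_BY.search, output.splitlines()) if m]

def walk_dependencies(run, entry, seen=None):
    """Follow references transitively (address -> group -> policy) so every
    linked item is known before 'entry' is deleted; 'run' sends one CLI
    command to the firewall and returns its output text."""
    seen = set() if seen is None else seen
    for dep in parse_checkused(run(checkused_cmd(*entry))):
        if dep not in seen:
            seen.add(dep)
            walk_dependencies(run, dep, seen)
    return seen

# Constructed sample session standing in for a real FortiGate CLI; the
# three policy IDs mirror the VIP result shown in the post.
SAMPLE_OUTPUT = {
    "diag sys checkused firewall.vip.name web_vip":
        "entry used by table firewall.policy:policyid '123'\n"
        "entry used by table firewall.policy:policyid '137'\n"
        "entry used by table firewall.policy:policyid '145'\n",
    "diag sys checkused firewall.address.name srv1":
        "entry used by table firewall.addrgrp:name 'servers'\n",
    "diag sys checkused firewall.addrgrp.name servers":
        "entry used by table firewall.policy:policyid '5'\n",
}

def fake_run(cmd):
    return SAMPLE_OUTPUT.get(cmd, "")  # objects with no references print nothing

if __name__ == "__main__":
    for dep in sorted(walk_dependencies(fake_run, ("firewall", "address", "name", "srv1"))):
        print("used by %s.%s:%s '%s'" % dep)
```

Swap fake_run for a function that runs the command over your own SSH session to the firewall and the walk works on live output.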


Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 
        /  \
