FortiGate Firewall Unused Policy Clean up

Hello,

In this blog we are going to see How to identify and remove unused policies. Firewall unused policy clean up is essential as those policies may mess up the rule base and offer an approach of attack to infiltrators. Remove these rules to clean up the rule base and reduce the attack surface or modify them, so they apply to application traffic and serve a legitimate purpose in the rule base.


How to Identify unused policies in FortGate V 6.0.9.

Step 1:- Login to Fortigate GUI and select the VDOM (Virtual Domain) on which you want to find out the Unused Policies.

Step 2:- GOTO Policy&Objects and Select appropriate policy Ex. Here we have selected IPv4 Policy. Then Click on Configuration Table and insert Hit Count and Last Used columns in your IPv4 policy dashboard.



This is the easiest way to find out unused policies in Fortigate firewall.                                             
                                    

How to delete/disable unused Policies in Fortigate V 6.0.9.                                                         
     
Right click on policy that you want to delete/disable like shown in below screenshot. disable is temporary and delete is permanent.                                                        






Comments

  1. JamesOctober 16, 2021 at 1:51 AM

    This blog is very helpful. it is essential to take a few basic steps: Choose an operator. Select the plan that's perfect for you. What is My Ip Address

    ReplyDelete

Post a Comment

Popular posts from this blog

Cisco Prime Inline Upgrade Procedure

Image
 Hello, In this article you will get to know how to upgrade Cisco prime from 3.8 to 3.9. Please refer below steps. Step:1   Download all image files and latest patches from Cisco website. See below for reference. Step2 :  In order to transfer image file to CLI of Cisco prime, Download WinSCP application from google. Step3: Login to CLI of Cisco prime using Admin account and then go to shell mode by typing “shell” in CLI Step4:- Create a user for WinSCP so that we can transfer image to Prime CLI. Follow below procedure. In Shell mode of Cisco Prime run below commands: Sudo -i cd //localdisk/defaultRepo/ Adduser <username> Passwd <Pwd> It will ask for new password then you can change it to new one. Step5 :- Open WinSCP application then click on new session.   In Hostname section put Cisco Prime IP and in username and Password put which was created in step4. Click on login and then you can drag and drop whichever file you want to send it to C...
Read more

How to create DNS entry for newly built Server.

Image
 Hello Friends, In this blog we are going to discuss on how to create DNS entry for new server. Please follow below steps to create DNS entry ( A record under domain ). Step 1:- Login to DNS server and search for DNS manager. Step 2:- Under DNS Manager click on Forward Lookup Zones and then select your domain (xyz.com) Step 3:- Under your domain --> right click on the page--->click on New Host (A or AAAA).                Step 4:- Fill the Server name and IP address of new server and make sure you select the check box of Create associated pointer (PTR) record. A Pointer (PTR) record is a type of domain Name System (DNS) record that resolves an IP address to a domain or host name, unlike an A record which points a domain name to an IP address. PTR records are used for the reverse DNS lookup.
Read more