Wednesday, August 12, 2009

CLI Magic: Finding out where your Objects are used in the Config

A firewall setup may get quite involved with many complex settings and user additions such as addresses and protection profiles. Sometimes you are desperately looking to delete an old unused object but that darn trash can icon just won't show up. Fortunately the FortiOS CLI includes a command to allow you to find all places where an object is used.

From the CLI, enter the following command:

diagnose sys path.object.mkey

This will return all objects where the specified object key is referenced.

For example:

diagnose sys checkused sytem.interface.name dmz

entry used by table system.interface:name 'vlan1‘

** If someone out there knows of a place where Fortinet lists all the object references please post a comment and I will update this article **
at

4 comments:

  1. GregAugust 13, 2009 at 9:28 AM

    Thanks a lot for this tip, it will be very useful!
    Cheers,

    ReplyDelete
  2. GregAugust 14, 2009 at 2:57 AM

    Useful ones are to find in which rules are an address group or an address:

    diag sys checkused firewall.addrgrp:name 'Group-Name'

    diag sys checkused firewall.address:name 'Address-Name'

    ReplyDelete
  3. AnonymousJuly 31, 2012 at 9:25 AM

    To find all of the available object key declarations across the entire system, execute the following command.
    fgt # print tablesize

    ReplyDelete
  4. UnknownFebruary 17, 2018 at 7:47 PM

    use get to find the mkeys.

    #get webfilter urlfilter
    == [ 1 ]
    id: 1 name: ImAURLFilter
    == [ 2 ]
    id: 2 name: Whitelist
    == [ 3 ]
    id: 3 name: Blacklist

    diag sys checkused webfilter.urlfilter.id 1
    diag sys checkused webfilter.urlfilter.name ImAURLFilter

    ReplyDelete