Administration Guide

Perform a policy consistency check

The policy check tool allows you to check all policy packages within an ADOM to ensure consistency and eliminate conflicts that may prevent your devices from passing traffic. This allows you to optimize your policy sets and potentially reduce the size of your databases.

The check will verify:

  • Object duplication: two objects that have identical definitions
  • Object shadowing: a higher priority object completely encompasses another object of the same type
  • Object overlap: one object partially overlaps another object of the same type
  • Object orphaning: an object has been defined but has not been used anywhere.

The policy check uses an algorithm to evaluate policy objects, based on the following attributes:

  • The source and destination interface policy objects
  • The source and destination address policy objects
  • The service and schedule policy objects.
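
The four finding types can be illustrated with a simplified model. The following is an added example, not FortiManager's own algorithm or code: it assumes a first-match rule list, single CIDR address objects, and one port range per rule, omits schedules, and uses hypothetical object and rule names.

```python
import ipaddress
from itertools import combinations

# Constructed sample data; every name below is hypothetical.
ADDRESSES = {
    "lan": "10.0.0.0/8", "eng": "10.1.0.0/16", "eng-copy": "10.1.0.0/16",
    "lab": "10.1.128.0/17", "dmz": "172.16.0.0/24", "unused": "192.168.9.0/24",
}
# Ordered by priority (first match wins):
# (name, srcintf, dstintf, srcaddr, dstaddr, (port_low, port_high))
RULES = [
    ("r1", "port1", "port2", "lan", "dmz", (1, 65535)),
    ("r2", "port1", "port2", "eng", "dmz", (443, 443)),
    ("r3", "port1", "port2", "eng-copy", "dmz", (443, 443)),
    ("r4", "port3", "port2", "lab", "dmz", (22, 22)),
    ("r5", "port3", "port2", "eng", "dmz", (20, 25)),
]

def net(name):
    return ipaddress.ip_network(ADDRESSES[name])

def relation(hi, lo):
    """Classify lower-priority rule `lo` against higher-priority rule `hi`."""
    if hi[1:3] != lo[1:3]:
        return None  # different interface pair: the rules never compete
    nets = [(net(hi[3]), net(lo[3])), (net(hi[4]), net(lo[4]))]
    (h_lo, h_hi), (l_lo, l_hi) = hi[5], lo[5]
    if all(a == b for a, b in nets) and hi[5] == lo[5]:
        return "duplicate"   # identical definitions, whatever the names
    if all(b.subnet_of(a) for a, b in nets) and h_lo <= l_lo and l_hi <= h_hi:
        return "shadowed"    # hi matches everything lo could match
    if all(a.overlaps(b) for a, b in nets) and h_lo <= l_hi and l_lo <= h_hi:
        return "overlap"     # some, but not all, of lo's traffic hits hi
    return None

def check(rules):
    findings = {}
    for hi, lo in combinations(rules, 2):  # pairs keep priority order
        kind = relation(hi, lo)
        if kind:
            findings[(hi[0], lo[0])] = kind
    used = {name for r in rules for name in r[3:5]}
    return findings, sorted(set(ADDRESSES) - used)  # second item: orphans

if __name__ == "__main__":
    print(check(RULES))
```

In this model a shadowed rule can never match traffic, which is why such findings are candidates for removal or reordering, while an overlap only changes which rule handles the shared portion.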

A policy consistency check can be automatically performed during every install. When doing the install, only modified or added policies are checked, decreasing the performance impact when compared to a full consistency check.

This function can be enabled when editing the ADOM (see Editing an ADOM).

To perform a policy check:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. Select a policy package or folder, and from the Policy Package menu, select Policy Check. The Policy Consistency Check dialog box opens.
  4. To perform a new consistency check, select Perform Policy Consistency Check, then click OK.

    A policy consistency check is performed, and the results screen is shown.

  5. (Optional) Click Export to PDF to download the results.

To view the results of the last policy consistency check:
  1. Select the ADOM for which you performed a consistency check.
  2. Go to Policy & Objects > Policy Packages.
  3. Select a policy package or folder, and from the Policy Package menu, select Policy Check. The Policy Consistency Check dialog box opens.
  4. To view the results of the most recent consistency check, select View Last Policy Consistency Check Result, then click OK.

    The Policy Consistency Check window opens, showing the results of the last policy consistency check.
