Staff

Technical Tip: Editing the FSSO policy from GUI disables FSSO

Forum|Forum|6 years ago
September 3, 2019
0 replies
10664 views

Description

This article explains how editing the FSSO policy.

Edit the policy from GUI and do not edit any existing settings, click on 'OK'

Scope

FortiGate

Solution

Follow the steps below:

1) Edit the ipv4 policy from CLI, set the FSSO to default setting.

# config firewall policy

edit 5

set name "Fsso Policy"
set uuid 1fb03232-ccaf-51e9-0a90-e44b439ef138
set srcintf "port1"
set dstintf "port2"
set srcaddr "all"
set dstaddr "all"
set action accept
set status enable
set schedule "always"
set schedule-timeout disable
set service "ALL"
set fsso enable <===========
set nat enable

2) Edit the policy from GUI and do not edit any existing settings, click on 'OK'

3) From the CLI on editing the IPV4 policy the current FSSO setting would be disabled.

# config firewall policy

edit 5

set name "Fsso Policy"
set uuid 1fb03232-ccaf-51e9-0a90-e44b439ef138
set srcintf "port1"
set dstintf "port2"
set srcaddr "all"
set dstaddr "all"
set action accept
set status enable
set schedule "always"
set schedule-timeout disable
set service "ALL"
set fsso disable <===========
set nat enable

Editing the IPV4 policy from GUI would make the FSSO setting disabled even though the default FSSO setting is enabled.
Make sure to not edit the IPV4 policy on which the default FSSO setting is enabled.
Always enable the CLI mode, create and edit the IPV4 policy on which the default FSSO setting is to be enabled which would not change the current FSSO settings to disable.

FortiGate v6.0

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded