Technical Tip: Security profiles enhancements
Description
This article describes the following features:
To more clearly show the features specific to proxy-based mode, use the new feature set option to select 'Flow-based' or 'Proxy-based'.
When 'Flow-based' or 'Proxy-based' is selected, only the features for that mode are available.
Scope
FortiGate.
Solution
The following pages have the Feature set option.
- Security Profiles -> AntiVirus.
- Security Profiles -> Web Filter.
- Security Profiles -> Email Filter.
- Security Profiles -> Data Leak (CLI only).
- Policy & Objects -> Protocol Options.
Example of the Feature set option in Security Profiles -> AntiVirus.
If 'Proxy-based' is selected, a red 'P' icon indicates the proxy-only features.
When firewall policies are configured.
- If the inspection mode is flow-based, the dropdown menus only display profiles with flow-based feature sets.
- If the inspection mode is proxy-based, the dropdown menus display profiles with flow-based or proxy-based feature sets.
If a flow-based inspection policy has a proxy-based profile assigned, a warning icon and tooltip inform that proxy features do not work in a flow-based policy. This warning also appears when the CLI is used to assign security profiles.
