heyyo
Explorer III
January 6, 2025
Solved

Adjusting ngfw-max-scan-range


Hi,

I am getting the same error message as in this KB: Incompatibilities with NGFW Policy mode d... - Fortinet Community

 

Already tried to use a Custom Application Group, but I'm still getting the same error message:

"app 43322 is incompatible with NGFW Policy mode due its large scan-range detection requirements."

 

Is there any other way to resolve this?

 

How do I know which value to input if I adjust this part of the configuration?

config ips global
    set ngfw-max-scan-range 4096
end

 

1 reply

kaman
Staff
Answer
January 7, 2025

Hi heyyo,

Please let us know your firewall firmware version.

Also, please confirm which NGFW mode you are using, policy-based or profile-based, under System Operation Settings.

The error message is expected behavior and it is to notify the user that the given application they're trying to set for security policy cannot be detected due to its large scan range.

If they must detect this app, for now they would need to use profile-based mode instead of policy-based mode.

So presently, the only workaround would be to use profile-based mode as this is a limitation to the design in policy-based mode.

If you have found a solution, please like and accept it to make it easily accessible to others.


Regards,
Aman