pnobels
New Member
September 24, 2024
Solved

missing APP and IPS filters when using cli


Hi,

I'm trying to use the CLI in FortiManager 7.0.12 to script a policy.


config firewall policy
edit 0
set name "test-policy"
set srcintf ZONE_LAN
set dstintf ZONE_LAN
set srcaddr test-1
set dstaddr TESTGRP
set service TCP_5000-6000
set action accept
set profile-protocol-options PROXY_FILTER
set ssl-ssh-profile SSL_FILTER_CERT
set ips-sensor IPS_FILTER
set application-list APP_FILTER
set inspection-mode flow
set internet-service disable
set nat disable
set logtraffic all
set schedule always
next
end
 
I can run this script successfully. No errors. However, in the GUI the policy does not contain the APP and IPS filters?

Any hint?


3 replies

AEK
SuperUser
Answer
September 24, 2024

Hi

Can you try adding "set utm-status enable"?

AEK
johnathan
Staff
September 24, 2024

What is the FortiGate version? I can see that App Ctrl may be hidden on 7.6.0 unintentionally: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Application-control-not-visible-in-the-GUI/ta-p/329089

Regarding IPS, you probably just need to go to Feature Visibility and turn 'IPS' on. 

Never trust a computer you can't throw out a window.
pnobels
Author
New Member
September 25, 2024

Hi,

Adding "set utm-status enable" solves the issue. Thx!
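
A pre-flight check for the problem resolved in this thread, as an added example that is not part of the original posts: it scans a policy script and reports entries that set an IPS sensor or application list without "set utm-status enable", since the script runs without errors and the gap is otherwise only noticed in the GUI. The function name, the key set and the sample script are assumptions constructed for illustration.

```python
import re

# Profile settings from the thread's script that were missing in the GUI
# until utm-status was enabled (assumption: extend this set as needed).
UTM_PROFILE_KEYS = {"ips-sensor", "application-list"}

# Constructed sample: the thread's policy, shortened, plus a corrected copy.
SAMPLE = """\
config firewall policy
edit 0
set name "test-policy"
set action accept
set ips-sensor IPS_FILTER
set application-list APP_FILTER
next
edit 0
set name "test-policy-fixed"
set action accept
set utm-status enable
set ips-sensor IPS_FILTER
set application-list APP_FILTER
next
end
"""

def find_policies_missing_utm_status(script):
    """Return [(policy name, sorted profile keys)] for each policy entry that
    sets a UTM profile but has no 'set utm-status enable'."""
    findings, in_policy, entry = [], False, None
    for raw in script.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_policy = True
        elif line == "end":
            in_policy = False
        elif in_policy and line.startswith("edit "):
            entry = {}  # settings of the policy entry being defined
        elif in_policy and entry is not None and line.startswith("set "):
            m = re.match(r"set\s+(\S+)\s+(.*)", line)
            if m:
                entry[m.group(1)] = m.group(2).strip().strip('"')
        elif in_policy and line == "next" and entry is not None:
            profiles = sorted(UTM_PROFILE_KEYS.intersection(entry))
            if profiles and entry.get("utm-status") != "enable":
                findings.append((entry.get("name", "<unnamed>"), profiles))
            entry = None
    return findings

if __name__ == "__main__":
    for name, profiles in find_policies_missing_utm_status(SAMPLE):
        print(f"{name}: {', '.join(profiles)} set without 'set utm-status enable'")
```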