set profile-protocol-options "default"

Forum|Forum|9 years ago
February 12, 2017
1 reply
16364 views

Hello,

I'm a bit confused about the command "set profile-protocol-options "default"" when enabling a security profile inside a firewall policy. My understanding is that if we work with the default protocol options, then this command is optional. Is that correct?

However, this command it doesn't appear into the CLI of the firewall policy by default. So, do we have to issue this command or not, when using the default protocol options profile?

Another thing that I don't understand is that this command has to be issued by CLI, it is not available in the GUI. If that is so, what is the purpose of having to issue this command by CLI after you have created the firewall policy?

Thanks

hmtay_FTNT

Staff

Hello aagrafi,

Think of the "protocol-profile-options" setting as the Proxy mode setting. If you are configuring the firewall policy from the GUI, you may notice that as you enable any module that works in proxy-mode, the "Proxy Options" will show up out of nowhere with the default profile. That's "protocol-profile-options" in the CLI.

>>My understanding is that if we work with the default protocol options, then this command is optional. Is that correct?

If your firewall policy contains one or more modules that is in proxy-mode, that policy will be in proxy-mode and the "protocol-profile-options" will be necessary.

If you are running in flow-mode, the "protocol-profile-options" setting is not required and you will not see it in the GUI.

HoMing

michaelshi2006

New Member

Hi Guys:

my VDOM1 was set up as flow base, But I still have to set protocol-profile-options default while I enable flow mode AV profile. why?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded