slabarca
New Member
November 19, 2020
Question

Setting the Inspection mode with CLI


Fortigate v6.4.3 build1778 (GA)

 

I am trying to set the inspection mode to proxy when I create a new policy. I can set it with the GUI but not on the CLI. 

From all of the documentation I have read it looks like the command should be

set inspection-mode proxy

 

If I create the policy with the GUI and then do a show at the CLI the set inspection mode is there. I am even able to change it. But if I create a new policy using the CLI the set command is not available. 

 

Has anyone else run across this issue? 

    1 reply

    Viktor1
    New Member
    November 19, 2020

    I've checked my FGT 6.4.3. I can successfully change flow mode in a rule to proxy mode from the CLI:

    FG-VM# config firewall policy
    FG-VM(policy) # edit 4
    FG-VM(4) # get | grep inspection-mode
    inspection-mode : flow
    FG-VM(4) # set inspection-mode proxy
    FG-VM(4) # get | grep inspection-mode
    inspection-mode : proxy

     
    lobstercreed
    New Member
    November 21, 2020

    Hey Sal (and Viktor),

     

    The issue is that when you create a new policy via CLI, it is a "deny" policy by default.  If you do a "get" you can see this and see that there is no inspection-mode property.  Once you submit the command "set action accept" you can set the inspection mode and a great many other things that aren't available on a deny policy.

     

    Have a great day! - Daniel
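
The ordering described in the last reply, written out as a CLI sequence for creating a new policy. This is an added example, not taken from any of the posts above; the policy name, the interface names (port1, port2) and the address, schedule and service objects are assumptions to be replaced with your own.

```text
# Added example: create a new policy from the CLI with proxy inspection.
# Name, interfaces and objects below are assumed placeholders.
config firewall policy
    edit 0
        # edit 0 creates a new policy with the next free ID
        set name "proxy-inspected-outbound"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        # A policy created on the CLI starts as action deny, and
        # inspection-mode is not offered until the action is accept.
        set action accept
        set inspection-mode proxy
        # Confirm the value before saving the entry
        get | grep inspection-mode
    next
end
```

Running `get` right after `edit 0`, before `set action accept`, shows the default deny action and no inspection-mode property.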