What is the consensus for NGFW mode = Policy-based for 6.0.x or 6.2 model E or model F?
Has anyone had good experiences running in NGFW Policy-mode?
The phrasing from the current docs @ https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/978598/profile-based-ngfw-vs-policy-based-ngfw
"Policy-based policies can have unexpected results when passing or blocking traffic. For example, if you add a new firewall policy to deny social media based traffic on applications or URLs, having a traditional catch-all policy to deny all other traffic may unintentionally block legitimate traffic."
makes me think it is still not ready.
I really want this mode to work in production.
Please chime in with any recent positive or negative experiences.
Thanks!
