LiaoYuRuei
New Member
July 2, 2018
Solved

Why enable AV also enable proxy and ssl inspection?


Hello all, could anyone tell me why, when I enable an AV profile on a policy, two other options (Proxy Options and SSL Inspection) are also enabled? Thanks.


Here is my FortiGate setting:

FortiOS: 5.6.4


Best answer by darwin_FTNT

1 reply

darwin_FTNT
Staff
July 10, 2018

The Proxy Options label in the GUI is mapped in the CLI to: config firewall profile-protocol-options

The SSL Inspection label in the GUI is mapped in the CLI to: config firewall ssl-ssh-profile

 

I think the GUI Proxy Options label is confusing. The CLI labels are more accurate.

 

The two configs are used by both flow-based and proxy-based UTM profiles. Both contain different/important layer 7 protocol options, so they are required by either flow- or proxy-based UTM(s) to handle each protocol. Flow-based UTM is handled by the ipsengine daemon. Proxy-based UTM is handled by the wad daemon. As far as I know, it is not recommended to mix both UTM profile modes (proxy vs flow) because the packet from the kernel would be copied twice to different daemon queues. The resulting setup is also more complicated due to more IPC, etc.

 

You can verify whether a session's packets are being forwarded to the ipsengine or wad daemon by running 'diag sys session list' in the CLI. Then check the state= field for either of the bits ndr or redir. ndr means the packet is forwarded to ipsengine; redir means it is forwarded to the wad proxy. See for more info: http://kb.fortinet.com/kb....do?externalId=FD30042
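As an added example (not code from this thread or from Fortinet), here is a small Python parser for the state= check described in the answer: it splits 'diag sys session list' output into sessions, classifies each session by whether its state carries the ndr bit (ipsengine, flow-based) or the redir bit (wad, proxy-based), and flags policies whose sessions are being handed to both daemons, which is the mixed-mode situation the answer advises against. The session output below is constructed to resemble the real format and is not a capture; the exact field layout varies between FortiOS versions, so each field is extracted with its own regular expression rather than by position.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of 'diag sys session list' output (not a real
# capture; addresses are from documentation ranges). Four sessions: one flow-
# inspected (ndr), one proxy-inspected (redir), one carrying both bits, and one
# with no layer 7 inspection at all.
SAMPLE_OUTPUT = """\
session info: proto=6 proto_state=01 duration=12 expire=3588 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty ndr npd os rem
statistic(bytes/packets/allow_err): org=1133/8/1 reply=7120/10/1 tuples=2
hook=post dir=org act=snat 192.168.1.10:49152->203.0.113.5:443(198.51.100.2:49152)
hook=pre dir=reply act=dnat 203.0.113.5:443->198.51.100.2:49152(192.168.1.10:49152)
policy_id=1 auth_info=0 chk_client_info=0 vd=0
session info: proto=6 proto_state=01 duration=3 expire=3597 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty redir npd os
statistic(bytes/packets/allow_err): org=640/5/1 reply=0/0/0 tuples=2
hook=post dir=org act=snat 192.168.1.11:50001->203.0.113.9:80(198.51.100.2:50001)
hook=pre dir=reply act=dnat 203.0.113.9:80->198.51.100.2:50001(192.168.1.11:50001)
policy_id=2 auth_info=0 chk_client_info=0 vd=0
session info: proto=6 proto_state=01 duration=7 expire=3593 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty ndr redir npd os
statistic(bytes/packets/allow_err): org=900/6/1 reply=2200/4/1 tuples=2
hook=post dir=org act=snat 192.168.1.12:50002->203.0.113.9:443(198.51.100.2:50002)
hook=pre dir=reply act=dnat 203.0.113.9:443->198.51.100.2:50002(192.168.1.12:50002)
policy_id=2 auth_info=0 chk_client_info=0 vd=0
session info: proto=17 proto_state=01 duration=1 expire=179 timeout=180 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=may_dirty
statistic(bytes/packets/allow_err): org=60/1/1 reply=120/1/1 tuples=2
hook=post dir=org act=snat 192.168.1.13:53000->203.0.113.53:53(198.51.100.2:53000)
hook=pre dir=reply act=dnat 203.0.113.53:53->198.51.100.2:53000(192.168.1.13:53000)
policy_id=3 auth_info=0 chk_client_info=0 vd=0
total session 4
"""

STATE_RE = re.compile(r"^state=(.*)$", re.M)
POLICY_RE = re.compile(r"\bpolicy_id=(\d+)")
PROTO_RE = re.compile(r"\bproto=(\d+)")
# Original-direction tuple: "src:port->dst:port(nat)"; the NAT part is optional.
ORG_TUPLE_RE = re.compile(r"^hook=\S+ dir=org act=\S+ (\S+?)->(\S+?)(?:\(|$)", re.M)


def classify(state_bits):
    """Map the state= bits to the daemon that receives the session's packets."""
    ndr = "ndr" in state_bits        # forwarded to ipsengine (flow-based UTM)
    redir = "redir" in state_bits    # redirected to wad (proxy-based UTM)
    if ndr and redir:
        return "both"                # copied to both daemon queues
    if ndr:
        return "ipsengine"
    if redir:
        return "wad"
    return "none"                    # no layer 7 inspection on this session


def parse_session(block):
    """Extract the fields we care about from one session's text block."""
    m = STATE_RE.search(block)
    state_bits = set(m.group(1).split()) if m else set()
    m = POLICY_RE.search(block)
    policy_id = int(m.group(1)) if m else None
    m = PROTO_RE.search(block)
    proto = int(m.group(1)) if m else None
    m = ORG_TUPLE_RE.search(block)
    src, dst = (m.group(1), m.group(2)) if m else (None, None)
    return {"proto": proto, "policy_id": policy_id, "src": src, "dst": dst,
            "state": state_bits, "inspector": classify(state_bits)}


def parse_session_list(text):
    """Split raw 'diag sys session list' output into parsed session dicts."""
    blocks = re.split(r"^session info:", text, flags=re.M)
    return [parse_session(b) for b in blocks[1:]]  # blocks[0] precedes any session


def inspectors_by_policy(sessions):
    """Which daemons (ipsengine, wad) are seen handling sessions of each policy."""
    seen = defaultdict(set)
    for s in sessions:
        if s["inspector"] == "both":
            seen[s["policy_id"]].update({"ipsengine", "wad"})
        elif s["inspector"] != "none":
            seen[s["policy_id"]].add(s["inspector"])
    return dict(seen)


def mixed_policies(sessions):
    """Policy IDs whose traffic is being handed to both daemons (mixed flow/proxy)."""
    return sorted(p for p, d in inspectors_by_policy(sessions).items()
                  if {"ipsengine", "wad"} <= d)


if __name__ == "__main__":
    parsed = parse_session_list(SAMPLE_OUTPUT)
    for s in parsed:
        print(f"policy {s['policy_id']}: {s['src']} -> {s['dst']} "
              f"state={' '.join(sorted(s['state']))} inspector={s['inspector']}")
    print("policies mixing flow and proxy inspection:", mixed_policies(parsed))
```

Run it against a saved copy of the real command output instead of SAMPLE_OUTPUT to see, per policy, whether sessions are going to ipsengine, to wad, or to both; a policy in the mixed list is a candidate for moving all its UTM profiles to one inspection mode.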