Babitha_M
Staff
Article Id 338350

 

Description: This article describes how to enable the Web Application Firewall (WAF) in a firewall policy.
Scope: FortiGate.
Solution

In the GUI, go to System -> Feature Visibility -> Search for WAF.

By default, the Web Application Firewall option is greyed out.

 

It must be enabled via CLI first:
 
config system settings
    set gui-proxy-inspection enable
end
 
 
The Web Application Firewall (WAF) profile is now available in the firewall policy, provided the policy's 'Inspection Mode' is set to 'Proxy-based'.
 
From the CLI:
 
config firewall policy
    edit 1
        set srcintf "port3"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set inspection-mode proxy
        set ssl-ssh-profile "certificate-inspection"
        set waf-profile "default"
        set logtraffic all
        set nat enable
    next
end
 
Note:
Starting from v7.4.4, this feature is not supported on models with less than 2GB RAM.
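
The following Python check is an added example, not part of the original article or of any Fortinet tool: it reads the text of a configuration backup and reports the accept policies where the WAF settings from the CLI listing above (utm-status, inspection-mode proxy, waf-profile) are not all in place. The sample configuration and the function names are constructed for illustration, and treating a policy with no inspection-mode line as flow-based is an assumption.

```python
import shlex

# Constructed sample in the style of a FortiGate backup; not taken from a real device.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set action accept
        set utm-status enable
        set inspection-mode proxy
        set waf-profile "default"
    next
    edit 2
        set action accept
        set ssl-ssh-profile "certificate-inspection"
    next
    edit 3
        set action accept
        set inspection-mode proxy
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {setting: value}} from the 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line == "config firewall policy":
            in_block = True
        elif line == "end":
            in_block = False
        elif in_block and line:
            tokens = shlex.split(line)  # strips the quotes around values
            if tokens[0] == "edit":
                current = policies.setdefault(tokens[1], {})
            elif tokens[0] == "set" and current is not None and len(tokens) > 2:
                current[tokens[1]] = " ".join(tokens[2:])
    return policies

def waf_gaps(text):
    """Map accept policies lacking WAF to a reason (unset inspection-mode = flow, assumed)."""
    gaps = {}
    for pid, cfg in parse_policies(text).items():
        if cfg.get("action") != "accept":
            continue
        if cfg.get("inspection-mode", "flow") != "proxy":
            gaps[pid] = "inspection-mode is not proxy"
        elif cfg.get("utm-status") != "enable" or "waf-profile" not in cfg:
            gaps[pid] = "utm-status or waf-profile missing"
    return gaps
```

Calling waf_gaps() on the sample flags policies 2 and 3 and leaves policy 1, which matches the article's CLI settings, unreported.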
 