Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Kraven2323
Staff
Staff

Created on ‎10-11-2022 12:36 AM Edited on ‎10-11-2022 12:38 AM By Moderator

Technical Tip: Incompatibilities with NGFW Policy mode due to large scan-range detection requirements

Description This article describes why this error is showing on FortiGate NGFW policy-based mode when trying to add certain applications to the firewall policy on version 6.4.10.
Scope FortiGate 6.4.10.
Solution

When adding some applications to the firewall policy, the error example below can occur:

 

Kraven2323_0-1665472134107.png

 

Example of trying to add large scan-range applications such as:

 

'Gmail_Personal'.

 

Kraven2323_1-1665472253067.png

 

This cannot be added to the firewall policy. This large scan-range application is actually removed in the 7.0.x version and later as per the screenshot below:

 

Kraven2323_2-1665472363195.png

 

Do not use the large scan-range application on the policy or upgrade to 7.0.x to prevent confusion as these applications are removed from being selected in the firewall policy.
310
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.