FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mgoswami
Staff
Staff
Article Id 250797
Description This article describes that by default, the FortiGate policy is Flow Based on the inspection and the option to change the inspection mode is not visible in GUI.
Scope FortiGate v7.2 and v7.4.
Solution

It is necessary to change the inspection mode from Flow to Proxy in the policy from CLI. Once the inspection mode is changed to Proxy, the option to toggle the inspection mode will be available in GUI.

 

Proxy.PNG

To change the inspection mode from CLI:

Step 1:

 

Proxy.JPG

 

config system global
    set proxy-and-explicit-proxy enable
end


config system settings
    set gui-proxy-inspection enable

end

 

Step 2:

 

Proxy1.PNG

Inspection mode is visible in GUI now:

Proxy.PNG

 

The gui-proxy-inspection setting under config system settings is enabled on most models except for low-end platforms with 2 GB of RAM or less. When this setting is disabled, then Firewall policy pages do not have the option to select a Flow-based or Proxy-based inspection mode.

 

Enable GUI Inspection option from CLI:

 

Capture2.PNG

 

Inspection mode is visible in GUI now:

 

Capture3.PNG

 

Now changing the inspection mode is available in GUI:

 

Capture4.PNG

 

However, starting from FortiGate 7.4.4, Proxy-related features are not supported in FortiGate models with 2GB RAM or less. Refer to the documentation below for more information:

2 GB RAM FortiGate models no longer support FortiOS proxy-related features