kcheng
Staff & Editor
Article Id 287091
Description

This article describes the behavior where, on entry-level FortiGate models (lower than the 100 series), it is not possible to configure a firewall policy in proxy mode after a fresh installation of FortiOS 7.4.0 or above.

Scope

FortiGate v7.4.0 and above, on all entry-level FortiGate models (lower than the 100 series).
Solution

In a new installation of FortiOS 7.4.0 and above, one can observe that it is impossible to change the firewall policy from the default flow-based mode to proxy-based inspection:

FortiGate-61F # config firewall policy
FortiGate-61F (policy) # edit 1
change table entry '1'
FortiGate-61F (1) # set in
internet-service Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.
internet-service-src Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.
internet-service6 Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address and service are not used.
internet-service6-src Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used.
FortiGate-61F (1) # end

** The inspection-mode option is not available.

** This issue does not exist with a fresh installation of FortiOS 7.2.6.

For v7.4.0 and above, see feature ID 829475 in this document: New features or enhancements.

This feature includes the capability of configuring a firewall policy in proxy-inspection mode. To enable the feature, enable the respective setting with the following command:

config system global
    set proxy-and-explicit-proxy enable
end

Note:

Starting from v7.4.4, proxy-related features are not supported on FortiGate models with 2 GB RAM or less. Refer to the documentation below for more information:
2 GB RAM FortiGate models no longer support FortiOS proxy-related features
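
To check saved configuration backups for the global setting described above, the following Python script is an added example (not part of the original article and not Fortinet code). It reports whether `proxy-and-explicit-proxy` is enabled and which firewall policy IDs are set to proxy inspection. Assumptions: the sample configuration is constructed, a setting absent from the backup is treated as not enabled, and `needs_review` is a hypothetical flag for backups that contain proxy-mode policies without the global setting.

```python
import re

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system global
    set proxy-and-explicit-proxy enable
end
config firewall policy
    edit 1
        set name "lan-to-wan"
        set inspection-mode proxy
    next
    edit 2
        set name "guest-to-wan"
    next
end
"""

def parse_blocks(text):
    """Map each top-level 'config <path>' to its first-level lines (nested blocks skipped)."""
    blocks, path, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                path = line[len("config "):]
                blocks.setdefault(path, [])
        elif line == "end":
            depth = max(depth - 1, 0)
        elif depth == 1:
            blocks[path].append(line)
    return blocks

def audit(text):
    """Report the global proxy setting and the policy IDs using proxy inspection."""
    blocks = parse_blocks(text)
    # Assumption: a setting that does not appear in the backup is not enabled.
    enabled = "set proxy-and-explicit-proxy enable" in blocks.get("system global", [])
    proxy_ids, current = [], None
    for line in blocks.get("firewall policy", []):
        m = re.fullmatch(r"edit (\d+)", line)
        if m:
            current = int(m.group(1))
        elif line == "set inspection-mode proxy" and current is not None:
            proxy_ids.append(current)
    return {"proxy_feature_enabled": enabled, "proxy_policies": proxy_ids,
            "needs_review": bool(proxy_ids) and not enabled}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```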