Technical Tip: Using a non default profile-protocol-options inside a firewall policy

DPadula · ‎05-22-2024

Description

This article describes how to create and apply profile-protocol-options on firewall rules.

Scope

FortiOS 7.2.x and higher.

Solution

The 'profile-protocol-options' can be configured in either GUI or CLI.
Here are the steps to configure this in the GUI:

Step 1: Navigate to Policy & Objects -> Protocol Options, select 'Create New':

Step 2: Create the protocol profile with the intended settings:

Step 3: Select the profile in the Firewall Policy:

Here are the steps to configure this in the CLI:

Step 1: Via CLI, create the firewall profile-protocol-options:

config firewall profile-protocol-options

edit <new_profile_name>

end

creating new profile.png

Step 2: Set the new profile just created inside the firewall policy.

config firewall policy

edit <firewall_policy_id_number>

set profile-protocol-options <new_profile_name>

end

FP with default profile-protocol-options.PNG

Note: By default, the default profile-protocol-options does not show up on the CLI configuration, it is necessary to use 'show full' to see it.

FP with new profile-protocol-options.PNG

The GUI configuration should be available in 7.2, 7.4, and 7.6:

You are leaving our website