Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
amatos
Staff
Staff

Created on ‎08-13-2024 02:54 AM Edited on ‎08-13-2024 02:55 AM By Community Manager

Article Id 332608

Troubleshoot Tip: Cannot change Service 'Specify' to 'App Default' in a FortiGate policy-based mode

Description

This article describes the issue that occurs in FortiGate v7.4.2 and v7.4.3. This happens only to FortiGates running Policy-Based NGFW mode.

 

In the example, there is a Security Policy (FortiGate in Policy-Based NGFW mode) that has the option Service 'ALL' set (Via Specify option), but it is necessary to edit the Policy to allow only certain Applications Signatures. 

 

FirewallPolAll.PNG

 

When selecting the option 'App Default' to define the application(s) that are going to be used in the Security Policy (in this example the 2Flex) whenever selecting 'OK' to submit the configuration, the configuration is not saved and the below error appears:

'Empty values are not allowed.The attribute can`t be empty!'.

 

FirewallPolErrors.PNG
Scope FortiGate v7.4.
Solution
  1. Upgrade to v7.4.4, which has a fix for this issue: 988029: On FortiGate, when in policy-based mode, the Service of a security policy cannot be changed from Specify to App Default.
    Resolved issues
  2.  If it is not possible to upgrade at the moment, edit the security policy in the CLI as below:


config firewall security-policy

    edit X   <----- Firewall policy ID.
        set enforce-default-app-port enable

    end

 

In the GUI, select the applications to include, by selecting 'App Default'.

 

11546
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.