FortiGate
amatos
Staff
Article Id 332608
Description

This article describes an issue that occurs in FortiGate v7.4.2 and v7.4.3. It affects only FortiGates running in Policy-Based NGFW mode.

 

In the example, a Security Policy (FortiGate in Policy-Based NGFW mode) has Service set to 'ALL' (via the Specify option), and the policy needs to be edited to allow only certain Application Signatures.

 


When 'App Default' is selected to define the application(s) used in the Security Policy (in this example, 2Flex) and 'OK' is selected to submit the configuration, the configuration is not saved and the following error appears:

'Empty values are not allowed.The attribute can`t be empty!'.

 


Scope

FortiGate v7.4.

Solution
  1. Upgrade to v7.4.4, which has a fix for this issue: 988029: On FortiGate, when in policy-based mode, the Service of a security policy cannot be changed from Specify to App Default.
    Resolved issues
  2. If it is not possible to upgrade at the moment, edit the security policy in the CLI as below:


config firewall security-policy
    edit X   <----- Firewall policy ID.
        set enforce-default-app-port enable
end

In the GUI, select the applications to include by selecting 'App Default'.
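To find which policy IDs need the CLI workaround, the following added example (not part of the original article and not Fortinet code) scans a configuration backup for security policies still on Specify with Service 'ALL' and builds the workaround for them. It assumes the backup lists `set enforce-default-app-port disable` and `set service "ALL"` explicitly for such policies; the sample backup text and all function names are constructed for illustration.

```python
import re

# Constructed excerpt in FortiOS backup syntax (sample data, not from the article).
SAMPLE_BACKUP = """\
config firewall security-policy
    edit 1
        set enforce-default-app-port disable
        set service "ALL"
    next
    edit 2
        set name "dns-out"
    next
    edit 3
        set enforce-default-app-port disable
        set service "SMTP" "IMAPS"
    next
end
"""

def parse_security_policies(text):
    """Return {policy_id: {attribute: value}} from the security-policy table."""
    policies, current = {}, None
    table = text.partition("config firewall security-policy")[2]
    for line in map(str.strip, table.splitlines()):
        if line == "end" and current is None:
            break  # end of the security-policy table
        elif m := re.fullmatch(r"edit (\d+)", line):
            current = policies.setdefault(int(m.group(1)), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2)
    return policies

def policies_on_specify_all(text):
    """IDs whose backup shows Service 'ALL' with enforce-default-app-port disabled."""
    return sorted(pid for pid, a in parse_security_policies(text).items()
                  if a.get("enforce-default-app-port") == "disable"
                  and a.get("service") == '"ALL"')

def workaround_cli(policy_ids):
    """Build the article's CLI workaround for each listed policy ID."""
    body = [f"    edit {p}\n        set enforce-default-app-port enable\n    next"
            for p in policy_ids]
    return "\n".join(["config firewall security-policy", *body, "end"])

if __name__ == "__main__":
    print(workaround_cli(policies_on_specify_all(SAMPLE_BACKUP)))
```

Review the generated commands against the intended policy list before pasting them into the CLI.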

 
