Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
heyyo
Contributor

Created on ‎01-06-2025 03:35 PM

Adjusting ngfw-max-scan-range

Hi,

I am getting the same error message same as in this KB: Incompatibilities with NGFW Policy mode d... - Fortinet Community

 

Already tried to use a Custom Application Group, but I'm still getting the same error message:

"app 43322 is incompatible with NGFW Policy mode due its large scan-range detection requirements."

 

Is there any other way to resolve this?

 

How do I know which value to input if I adjust this part of the configuration?

config ips global

    set ngfw-max-scan-range 4096

end

 

Labels:
240
0 Kudos
1 Solution
kaman
Staff
Staff

Created on ‎01-07-2025 07:00 AM

Hi heyyo,

Please let us know your firewall firmware version.

Also, please confirm which NGFW mode you are using policy-based or profile-based under System Operation Settings.

The error message is expected behavior and it is to notify the user that the given application they're trying to set for security policy cannot be detected due to its large scan range.

If they must detect this app, for now they would need to use profile-based mode instead of policy-based mode.

So presently, the only workaround would be to use profile-based mode as this is a limitation to the design in policy-based mode.

If you have found a solution, please like and accept it to make it easily accessible to others.


Regards,
Aman

View solution in original post

181
1 REPLY 1
kaman
Staff
Staff

Created on ‎01-07-2025 07:00 AM

Hi heyyo,

Please let us know your firewall firmware version.

Also, please confirm which NGFW mode you are using policy-based or profile-based under System Operation Settings.

The error message is expected behavior and it is to notify the user that the given application they're trying to set for security policy cannot be detected due to its large scan range.

If they must detect this app, for now they would need to use profile-based mode instead of policy-based mode.

So presently, the only workaround would be to use profile-based mode as this is a limitation to the design in policy-based mode.

If you have found a solution, please like and accept it to make it easily accessible to others.


Regards,
Aman

182
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.