- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Application Control - Change Application Sensor Is...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Application Control - Change Application Sensor Issue
Hi,
When I need to change the application sensor, IPS sensor or web filter associated with a policy I need to drag the policy line right to the bottom of the ruleset above the implicit deny, change the UTM sensor or policy, then move back to the correct position.
If I dont follow this procedure then the policy loses all it's L7 inspection sensors.
Is this a bug ? We're running 5.0.7
PJ
Solved! Go to Solution.
Labels:
- Labels:
-
5.0
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have never personally experience this issue directly, but it's not uncommon for such issues to be the result of browser compatibility issues (try switching browsers and/or clearing browser cache, resetting browser to defaults).
Just deployed some new 200Ds and migrated several 200B to 5.0.8 (wireless controller ver) and 5.0.9 -- Encountered 2 GUI-related issues so far (on the same 200D running 5.0.8 wireless controller build); I'm running the latest Firefox browser.
First "bug" is trying to add a new entry to a DHCP-reserved IP list that already has about 30 entries, clicking apply gives an error message then it wipes out the entire reserved IP list -- not a happy camper (had to copy/paste the IP list from an old backup into the CLI to restore the entire list). Fortigate was no where near the max 200 reserved IPs as pointed out by the Maximum values table.
Second "bug" is related to the Block Intra-SSID traffic option on the SSID setting -- I just set up a new SSID, on a separate subnet, and enabled this option. But later was told by the site admin that they can't print to their wireless printer, so I unchecked this option (from the GUI). Site admin reports printer is still unreachable, nor even pingable. I was able to ping all devices on that subnet from the Fortigate, but not from a test machine (via remote connection). So I finally checked the setting via the CLI and discovered the option was still enabled even though the GUI shows it unchecked. >:(
I like stories. :)
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have never personally experience this issue directly, but it's not uncommon for such issues to be the result of browser compatibility issues (try switching browsers and/or clearing browser cache, resetting browser to defaults).
Just deployed some new 200Ds and migrated several 200B to 5.0.8 (wireless controller ver) and 5.0.9 -- Encountered 2 GUI-related issues so far (on the same 200D running 5.0.8 wireless controller build); I'm running the latest Firefox browser.
First "bug" is trying to add a new entry to a DHCP-reserved IP list that already has about 30 entries, clicking apply gives an error message then it wipes out the entire reserved IP list -- not a happy camper (had to copy/paste the IP list from an old backup into the CLI to restore the entire list). Fortigate was no where near the max 200 reserved IPs as pointed out by the Maximum values table.
Second "bug" is related to the Block Intra-SSID traffic option on the SSID setting -- I just set up a new SSID, on a separate subnet, and enabled this option. But later was told by the site admin that they can't print to their wireless printer, so I unchecked this option (from the GUI). Site admin reports printer is still unreachable, nor even pingable. I was able to ping all devices on that subnet from the Fortigate, but not from a test machine (via remote connection). So I finally checked the setting via the CLI and discovered the option was still enabled even though the GUI shows it unchecked. >:(
I like stories. :)
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Dave,
Cheers for the response, I usually run Chrome but just tried with FF and IE, no joy, exactly the same issue...worth a shot though!!
Sounds like a bug to me. I also forgot to mention it happens if I amend the policy in anyway - like remove or add a new address object or service.
I have tested on two separate platforms running slightly different code.
1000C's running 5.0 patch 7
90D's running 5.0 patch 9
Whats the best play from here you guys recon - open a case?
...and yes you do like stories...hahahahah
Dave Hall wrote:I have never personally experience this issue directly, but it's not uncommon for such issues to be the result of browser compatibility issues (try switching browsers and/or clearing browser cache, resetting browser to defaults).
Just deployed some new 200Ds and migrated several 200B to 5.0.8 (wireless controller ver) and 5.0.9 -- Encountered 2 GUI-related issues so far (on the same 200D running 5.0.8 wireless controller build); I'm running the latest Firefox browser.
First "bug" is trying to add a new entry to a DHCP-reserved IP list that already has about 30 entries, clicking apply gives an error message then it wipes out the entire reserved IP list -- not a happy camper (had to copy/paste the IP list from an old backup into the CLI to restore the entire list). Fortigate was no where near the max 200 reserved IPs as pointed out by the Maximum values table.
Second "bug" is related to the Block Intra-SSID traffic option on the SSID setting -- I just set up a new SSID, on a separate subnet, and enabled this option. But later was told by the site admin that they can't print to their wireless printer, so I unchecked this option (from the GUI). Site admin reports printer is still unreachable, nor even pingable. I was able to ping all devices on that subnet from the Fortigate, but not from a test machine (via remote connection). So I finally checked the setting via the CLI and discovered the option was still enabled even though the GUI shows it unchecked. >:(
I like stories. :)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Dave:
Fortinet should be notified about these bugs. Any energy left to open a case?
- there should be a dropbox style mailbox where you could report bugs, real bugs I mean; a support case is some effort... -
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have considered that, but currently don't have the time/resources to properly document/research/replay the steps to replicate the "bugs", not to mention getting permission from the client to submit their Fortigate's config to Fortinet. So far we have migrated/deployed about 12 fgts to 5.0.x and these two bugs are the only hiccups so far.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Related Posts
- Vulnerability path information in Diagnostic Logs 242 Views
- New SSID Recommendation 391 Views
- How can I know what are... 131 Views
- Fortiweb number of Web Applications 226 Views
- SENTINEL ONE SHAPPING 150 Views
Labels
-
FortiGate
6,904 -
FortiClient
1,364 -
5.2
801 -
5.4
639 -
FortiManager
597 -
FortiAnalyzer
435 -
6.0
416 -
5.6
362 -
FortiAP
361 -
FortiSwitch
357 -
FortiClient EMS
278 -
FortiMail
269 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
168 -
6.4
128 -
FortiNAC
120 -
FortiGuard
109 -
IPsec
96 -
FortiGateCloud
91 -
FortiSIEM
91 -
FortiCloud Products
85 -
SSL-VPN
82 -
FortiToken
75 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
63 -
FortiProxy
48 -
FortiADC
45 -
FortiEDR
42 -
SD-WAN
41 -
Fortivoice
41 -
FortiDNS
36 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiSwitch v6.4
32 -
Firewall policy
31 -
VLAN
27 -
High Availability
27 -
FortiAuthenticator
26 -
FortiConnect
24 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
17 -
SAML
17 -
FortiGate v5.2
17 -
DNS
17 -
LDAP
17 -
Certificate
17 -
BGP
16 -
VDOM
16 -
FortiMonitor
14 -
Interface
14 -
Logging
14 -
Authentication
13 -
FortiGate v5.0
13 -
FortiLink
13 -
Routing
13 -
FortiDDoS
13 -
FortiCASB
12 -
NAT
11 -
RADIUS
10 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Fortigate Cloud
9 -
4.0MR2
9 -
SSID
8 -
Application control
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
WAN optimization
7 -
SNMP
7 -
Web profile
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Traffic shaping policy
6 -
FortiBridge
6 -
Web application firewall profile
6 -
Proxy policy
5 -
Packet capture
5 -
FortiAP profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Antivirus profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 983 | |
| 818 | |
| 446 | |
| 440 | |
| 130 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.