Disabling policies

FitzFort · ‎11-04-2021

Hi, quick query just looking to disable some policies in my test lab

What is the best practice with Fortigate to disable before fully deleting policies?

Toshi_Esumi · ‎11-04-2021

Are you asking about the purpose of disabling policy? It might be used when you want/need to temporarily remove the policy from the policy lookup process. Maybe for debugging, or maybe it's not quite ready to be deployed for whatever the reason is. If don't foresee any chance to re-enable it, I would delete it instead.

View solution in original post

Toshi_Esumi · ‎11-04-2021

Are you asking about the purpose of disabling policy? It might be used when you want/need to temporarily remove the policy from the policy lookup process. Maybe for debugging, or maybe it's not quite ready to be deployed for whatever the reason is. If don't foresee any chance to re-enable it, I would delete it instead.

FitzFort · ‎11-04-2021

Thanks very much I have the cookbook for it, do you have any links that show best practice, again thanks I appreciate it

Toshi_Esumi · ‎11-04-2021

I don't think any document as "best practive" for that.

FitzFort · ‎11-04-2021

Thanks no worries

emnoc · ‎11-04-2021

Yeah do not know a BCP per-se but we disable policy for pre-launch where we install them and let them sit until ready to go live same for when we tear-down policy and want a cool-down period. We might disable policyID 77 for 48hours and then delete

We do the same thing in my day job with junos and chkp.

Ken Felix

PCNSE

NSE

StrongSwan