Hello,
I am very new to FortiGate and I am studying for the Network Security Certification.
I have the following question, which I am not able to confirm my answer on the internet.
FortiGate - version 7.4.3
Say I configure a Firewall rule with:
Does the above means that now the firewall rule will use Proxy-based mode for all the traffic?
Thanks for your assistance.
Aaron Olguin
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @aolguin ,
In my opinion, this is related to the default profile. If you create a custom profile you will see can't use this profile with a not-matched policy.
In my lab, I tried also that scenario. I think policy resumes working with flow mode. Because the antivirus profile warned me.
Some features (MAPI, SSH, CDR) need to proxy mode in the antivirus profile. If you resume with this configuration, these features will not work.
Hello @aolguin ,
If you configure a proxy based on an antivirus profile, you can't use this profile with a flow-based policy. They should match.
If you create a proxy-based policy. Yes, your matched all traffic with the rule, will processed in proxy mode.
Hello @ozkanaltas
Thank you for the reply. That is what I thought, but unfortunately the FortiGate allows it:
I am using a FortiGate 60F, version v7.4.3 build2573
I have the following:
for the antivirus profile
Maybe a bug then?
But questions remains on the scenario above, does that mean that inspection mode is using Flow-based or proxy-based (as override by Antivirus profile)?
Thanks,
Aaron Olguin
Hello @aolguin ,
In my opinion, this is related to the default profile. If you create a custom profile you will see can't use this profile with a not-matched policy.
In my lab, I tried also that scenario. I think policy resumes working with flow mode. Because the antivirus profile warned me.
Some features (MAPI, SSH, CDR) need to proxy mode in the antivirus profile. If you resume with this configuration, these features will not work.
Thank you, indeed with a custom antivirus profile I see we cannot mix, inspection mode and feature set under security profiles. They have to match
Now it make sense.
Note: this behavior on the default profile was confusing !
So that means your policy will remain in flow-mode and it just will not use proxy features that are configured in the used AV profile.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1536 | |
1028 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.