Fortigate 200F with multiple firewall policies on 1 interface port
Hi, we are new to FortiGates and need a little help/advice. We are currently adjusting the security level of our firewalls to a higher level, i.e. we set up the firewall rules first, next we implemented the IPS sensor on an interface policy. After this we added the web filter profile to the same policy. So far so good, but when we also added the AV profile to this interface policy an important application stopped working. We checked the security logs but there are no active blocks/messages regarding what is being blocked. We made a second interface profile and only added the AV profile and enabled it ... the application is no longer being blocked, but we are thinking that the second profile is not being used (see config information below).
config firewall interface-policy
    edit 1
        set uuid xxxxxxxx
        set logtraffic all
        set interface "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set ips-sensor-status enable
        set ips-sensor "xxxxx all_default"
        set webfilter-profile-status enable
        set webfilter-profile "xxxxx-default"
    next
    edit 2
        set uuid xxxxxxxxx
        set logtraffic all
        set interface "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set av-profile-status enable
        set av-profile "xxxxxx-default"
    next
end
Can someone please confirm whether a) the firewall processes both policies 1 & 2, or only policy 1?
Many thanks for any assistance in the matter.
Labels: Antivirus profile, FortiGate
Hi all, the problem we had has been resolved. The issue we had was to do with the definition of ALLOW vs EXEMPT. The application that was being blocked showed up earlier when we were building up the rules, i.e. the first week we turned on the IPS, the next week the web filter, and the last week, where the issue occurred, the AV profile. When we turned on the web filter the URL showed up as blocked; here we gave it an ALLOW (which should have been EXEMPT) on the URL traffic. After we adjusted the setting this morning we could apply the AV policy and the application did not break.
Thanks to all for the use of your time (and brains)
Will do. I cannot do it at the moment (people still working). Tonight I will run the tests and post the results. Thanks
Hi @Havensteder ,
Not sure why you are using the Interface Policy, not the regular Firewall Policy.
Anyway, they are doing the same thing: Matching policies from top to bottom. Once one firewall policy is matched, the rest of the policies will not be checked. And UTM profiles are not the elements for matching a policy. That means the Interface Policy #2 will not be matched for any traffic.
Jerry
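To make the first-match behaviour Jerry describes concrete, here is an added example (not part of the thread, and not FortiOS code) that parses a constructed `config firewall interface-policy` block in the same format as the poster's, evaluates a sample flow top-down, and flags any policy whose match criteria repeat an earlier one. It assumes the literal values `all`/`ALL` act as wildcards and that profile settings are not matching criteria.

```python
from typing import Dict, List, Optional

# Constructed sample (not the poster's config): two interface policies with the same match criteria on port1.
SAMPLE_CONFIG = """config firewall interface-policy
    edit 1
        set interface "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set ips-sensor "all_default"
        set webfilter-profile "default"
    next
    edit 2
        set interface "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set av-profile "default"
    next
end"""
MATCH_KEYS = ("interface", "srcaddr", "dstaddr", "service")  # UTM profiles are not matching criteria

def parse_interface_policies(text: str) -> List[Dict[str, str]]:
    """Parse 'edit N ... next' entries into {setting: value} dicts, quotes stripped."""
    policies, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("edit "):
            current = {"id": line.split()[1]}
        elif line == "next" and current is not None:
            policies.append(current)
            current = None
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
    return policies

def first_match(policies: List[Dict[str, str]], flow: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Top-down, first-match: the first policy whose interface/src/dst/service all match wins.
    Assumption: all/ALL act as wildcards; once a policy matches, later ones are not consulted."""
    for p in policies:
        if all(p.get(k) in ("all", "ALL", flow[k]) for k in MATCH_KEYS):
            return p
    return None

def shadowed_policies(policies: List[Dict[str, str]]) -> List[str]:
    """IDs of policies whose match criteria repeat an earlier policy's: they are unreachable,
    so any UTM profile attached only to them (here the av-profile) is never applied."""
    keys = [tuple(p.get(k) for k in MATCH_KEYS) for p in policies]
    return [p["id"] for i, p in enumerate(policies) if keys[i] in keys[:i]]
```

Running `shadowed_policies` over the parsed sample returns `["2"]`, which is the audit check to run before concluding that a profile on a later policy is doing anything.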