I am having an issue with AntiVirus and Web Filter. I have profiles created but I can't add them in the firewall policies. It has a field to add them but the drop down list doesn't show any of the created profiles.
FortiGate-30G
v7.2.8 build6390 (Mature)
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Currently, this is being investigated by the engineering team on Fortigate/FortiWiFi 30/31G running FortiOS 7.2.8GA.
Workaround:
Until this is fixed, the Webfilter & Antivirus profiles can be enabled using the CLI
config firewall policy
edit <policyid>
set utm-status enable
set av-profile <profile_name>
set webfilter-profile <profile_name>
end
I still haven't found a fix for this, any ideas?
can you let me know your exact FGT version? Is it in v7.4+ version
Also the model is 30G ryt?
FortiGate-30G
v7.2.8 build6390 (Mature)
I included this information in the original post
v7.2.8 build6390 (Mature) seems to be the only version for the FortiGate-30G
from the snapshot the webfilter is on flow mode only. So regardless of proxy/flow mode on the firewall policy you should be able to select the profile. Now further have you tried it from the CLI to select the profile?
I verified in my lab in 7.2.8 and there is no issue and on top of that I'm getting the option of selecting the feature set also on the GUI/CLI.
Only from v7.4.4 for small end model the proxy feature has been disable
config firewall policy
edit <> >> policy ID
set webfilter-profile ? >> di a ? to see if the webfilter profile are coming
Created on 12-12-2024 08:08 AM Edited on 12-12-2024 08:23 AM
It is disconcerting that this firewall doesn't support URL or Virus protection on the firewall policies. I have been running without this protection since the firewall has been installed with no solution.
The only code available for the 30G seems to be v7.2.8 build6390 (Mature)
Am I the only one running the 30G? Is there any 30G that the support people can use to test with?
I did as you asked and it still shows no AV or Webfilter on the policy
I was able to get the CLI to assign the AV and Web Filter profiles but they don't seem to be working. I blocked sites but users are not blocked. In fact, web sites are not showing up in the FortiView Web Sites tab at all.
Your firewall policy screenshot shows "SSL Inspection: no-inspection".
You need at minimum "certificate-inspection" (For webfilter rating/blocking ONLY), or "deep-inspection" for inspection of the inner content (e.g. antivirus).
I tried all combinations with the same results.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1720 | |
1093 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.