We have many policies and security profiles that need to be managed; please add a grouping feature for both.
At least the security profile grouping feature already exists under "config firewall profile-group".
Follow this to enable it in the GUI. Then the "Profile Groups" sub-menu shows up under the "Security Profiles" menu.
Be aware that "config sys settings" is a per-vdom config, in case you're in a multi-vdom environment.
Depending on the version of FortiOS, sometimes you need to put in the group commands in CLI in one policy before it shows up in the GUI.
I've even had the case where I knew I had inserted the CLI commands and it never showed in the GUI.
Example:
    config firewall profile-group
        edit "win_clients"
            set av-profile "scan"
            set dnsfilter-profile "default"
            set ips-sensor "anti-ransom"
            set application-list "block-botnet&P2P"
            set profile-protocol-options "custom-default"
            set ssl-ssh-profile "my_certificate-inspection"
        next
    end

    config firewall policy
        edit 3
            set srcintf "WLAN-Gast"
            set dstintf "wan1"
            set srcaddr "WLAN-Gast"
            set dstaddr "all"
            set action accept
            set schedule "workinghours"
            set service "Gast-Services"
            set utm-status enable
            set profile-type group
            set profile-group "win_clients"
            set nat enable
        next
    end
There are already "sequences" for policies, but I totally agree: groups, chains, etc. would help a lot for larger rule-sets.
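An added example, not part of the original posts and not Fortinet code: because a profile group set in the CLI may not be visible in the GUI, this Python script audits an exported config excerpt and reports, per policy, whether it uses a profile group and whether that group is defined. The function names and the sample config are constructed for illustration; it assumes a non-VDOM (or single-VDOM) excerpt whose values each fit on one line.

```python
import shlex

SAMPLE = '''
config firewall profile-group
    edit "win_clients"
        set av-profile "scan"
    next
end
config firewall policy
    edit 3
        set profile-type group
        set profile-group "win_clients"
    next
    edit 4
        set profile-type group
        set profile-group "linux_clients"
    next
    edit 5
    next
end
'''  # constructed sample in the shape of the thread's example

def parse_tables(text):
    """Return {table: {entry: {setting: value}}}; nested config blocks are skipped."""
    tables, table, entry, depth = {}, None, None, 0
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                table, entry = tables.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = table.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = " ".join(tok[2:])
    return tables

def audit_policies(text):
    """Map each policy id to a finding about its profile-group reference."""
    tables = parse_tables(text)
    groups = tables.get("firewall profile-group", {})
    findings = {}
    for pid, pol in tables.get("firewall policy", {}).items():
        name = pol.get("profile-group")
        if pol.get("profile-type") != "group":
            findings[pid] = "no profile group"
        else:
            findings[pid] = "ok" if name in groups else f"undefined group {name}"
    return findings
```

Running `audit_policies` over a saved excerpt of the two tables gives a quick inventory of which policies rely on a group and which carry no group at all.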