- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Industrial category is missing
Solved! Go to Solution.
- Labels:
-
5.6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
It seems like Fortinet has exclude the industrial signatures from the UTM license group, you hava to purchase those signatures apart of the UTM license or you have to purchase the enterprise licecense. That was my local seller response.
anyway, thanks for your responses!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not familiar with 5.6, so it may be possible that the category is still there, though renamed or recategorized. You could always check via the CLI, just perform something similar to:
config application list edit "default" config entries edit 1 set category ?
At ?, the fgt should output something similar to:
ID Select Category ID 1 IM 2 P2P 3 VoIP 5 Video/Audio 6 Proxy 7 Remote.Access 8 Game 12 General.Interest 15 Network.Service 17 Update 19 Botnet 21 Email 22 Storage.Backup 23 Social.Media 24 File.Sharing 25 Web.Others 26 Industrial 27 Special 28 Collaboration 29 Business 30 Cloud.IT 31 Mobile
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
if you want to use the industrial services signatures you need to do this:
config ips global
set exclude-signatures none
end
Regards
bommi
NSE 4/5/7
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
bommi, i have already tried that solution but it doesnt work. (https://forum.fortinet.com/tm.aspx?m=169179)
Dave hall, i have done what you said and it shows me the list like you put there. I have selected the industrial category but then it doesnt show me in the GUI, and I cant find the industrial signatures (modbus write and read for example).
I have tried to reboot several times but nothing happens, this is how i have the config now:
FGT60EXXXX # config vdom FGT60EXXXX (vdom) # edit root current vf=root:0 FGT60EXXXX (root) # config application list FGT60EXXXX (list) # edit Trafico\ industrial FGT60EXXXX (Trafico industrial) # config entries FGT60EXXXX (entries) # show config entries edit 1 set category 26 set application 25890 25900 44542 next edit 2 set category 2 3 5 6 7 8 12 15 17 21 22 23 25 26 28 29 30 31 next end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Under 5.6 (and under 5.4), it looks like the industrial signatures are excluded by default (see https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-security-profiles/Other_Profile_Cons... ), if the global option exclude-signatures is set to none and the CLI does show category 26 set in one of the app list, but is not showing up in the UI, it may be possible that you are looking at cached content - try refreshing the page and/or try another web browser.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have activated the signatures (put it on "none" exlude industrial signatures) and i have selected all categorys in the application list menu and nothing works
Any ideas??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you tried clearing the browser cache or using a different web browser and/or accessing the fgt from a different workstation/labtop - all three? The only times I have encounter something like this is using using an unsupported browser version (some of the page elements wouldn't show up) or didn't clear the browser cache following a major firmware upgrade.
Also have you followed the recommended Upgrade path for going from 5.4.x to 5.6.6? It looks like the min. 5.4 version needed to go straight to 5.6.6 is 5.4.10.
jeskudero wrote:I have activated the signatures (put it on "none" exlude industrial signatures) and i have selected all categorys in the application list menu and nothing works
Any ideas??
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
It seems like Fortinet has exclude the industrial signatures from the UTM license group, you hava to purchase those signatures apart of the UTM license or you have to purchase the enterprise licecense. That was my local seller response.
anyway, thanks for your responses!