Inspection Mode
Dear Guys...Need Help
My firewall is in proxy-mode inspection. I just want to change some of my IPv4 policies from proxy mode to flow mode. This may only be possible through the CLI. Can you guide me on the exact syntax of the commands to perform this task?
Labels: 5.4
To control your FortiGate's security profile inspection mode in FortiOS 5.6, you can select Flow-based or Proxy inspection modes from System > Settings. Having control over flow and proxy mode is helpful if you want to ensure that only flow inspection mode is used.
In most cases proxy mode is preferred because more security profile features are available along with more configuration options for these individual features. Some implementations, however, may require all security profile scanning to only use flow mode. In this case, you can set your FortiGate to flow mode knowing that proxy mode inspection will not be used.
CLI syntax
The following CLI command can be used to configure inspection and policy modes:
    config system settings
        set inspection-mode {proxy | flow}
        set policy-mode {standard | ngfw}
    end

Regds,
Ashik
I had also studied this whole article.
You did not get my point.
I said that I just want to change a single IPv4 policy, not the whole inspection mode from proxy to flow-based.
Example: I have policies from 1-20, and I just want to change the inspection mode of policy 10 from proxy to flow mode. How can I do so?
Thank you.
In general Fortinet hasn't recommended mixing proxy and flow profiles (at least in one policy), though it was possible, at least in 5.4.x. Here's a discussion of this: https://forum.fortinet.com/tm.aspx?m=135666. My guess is that it's a case they don't fully test.
tanr,
Did you happen to figure out if this big conversation with 5.4 still applies to 5.6, then 6.0?
Toshi
Hi,
Proxy-based inspection mode is recommended for deep packet inspection.
For AV, the CLI syntax will be as follows:

    config antivirus profile
        edit AV-Flow
            set inspection-mode flow-based
        next
    end

Likewise you can set the other security filters as well.
Regds,
Ashik
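Putting the two halves of the thread together, the following is an added CLI example (not from the original posts or from Fortinet documentation) that creates the flow-based AV profile Ashik describes and then attaches it to policy 10 only, which is what the original poster asked for. The policy ID 10 and the profile name AV-Flow are assumptions; `set utm-status enable` and `set av-profile` are standard firewall-policy settings, and the global inspection mode is left untouched so the other policies keep their proxy-based profiles.

```text
# Added example, not from the original posts. Assumes policy 10 already exists
# and that the global inspection mode stays in proxy mode (FortiOS 5.4/5.6 CLI
# as discussed in the thread).

# 1. Create a flow-based antivirus profile (the same snippet Ashik posted).
config antivirus profile
    edit "AV-Flow"
        set inspection-mode flow-based
    next
end

# 2. Reference that profile from policy 10 only. Policies 1-9 and 11-20 are
#    not edited and keep whatever proxy-based profiles they already use.
config firewall policy
    edit 10
        set utm-status enable
        set av-profile "AV-Flow"
    next
end

# 3. Confirm that policy 10 now points at the flow-based profile.
show firewall policy 10
```

Two things to check before relying on this: as tanr notes earlier in the thread, mixing proxy-based and flow-based profiles was possible but not something Fortinet recommended or, apparently, fully tested, so verify the behaviour on a lab unit running your exact release first; and in later FortiOS releases the inspection-mode setting moved off the profile and onto the policy itself, so confirm against the CLI reference for your version that `set inspection-mode` still lives under `config antivirus profile`.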
Hi Toshi,
No, I haven't gotten official or unofficial word on this yet.
Under 5.6.5 I briefly tried running the policies I had used for testing mixed proxy and flow. They didn't break, but I didn't leave them running long enough to call that a valid test. My guess would be that we're still in a similar state - where it works but might not have been fully tested.
That said, per https://docs.fortinet.com/uploaded/files/4287/fortigate-parallel-life-60.pdf IPS is still only flow, and AV and Web Filter will be Proxy if you're in proxy inspection mode, so we're getting some mixed by default. From that document:
"IPS and Application Control are only applied using flow-based inspection. Web Filtering, DLP and Antivirus can also be applied using proxy-based inspection."