Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NeilG
Contributor

What is the consensus for NGFW mode = Policy-based for 6.0.x or 6.2 model E or model F?

Has anyone had good experiences running in NGFW Policy-mode?

 

The phrasing from the current docs @ https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/978598/profile-based-ngfw-vs-policy-base...

Policy-based policies can have unexpected results when passing or blocking traffic. For example, if you add a new firewall policy to deny social media based traffic on applications or URLs, [style="background-color: #ffff00;"]having a traditional catch-all policy to deny all other traffic may unintentionally block legitimate traffic.[/style]

makes me think it is still not ready.

 

I really want this mode to work in production.

 

Please chime in with any recent positive or negative experiences.

 

Thanks!

0 REPLIES 0
Labels
Top Kudoed Authors