missing APP and IPS filters when using cli

pnobels · ‎09-24-2024

Hi,

i'm trying to use the cli in Forti Manager 7.0.12 to script a policy.

config firewall policy

edit 0

set name "test-policy"

set srcintf ZONE_LAN

set dstintf ZONE_LAN

set srcaddr test-1

set dstaddr TESTGRP

set service TCP_5000-6000

set action accept

set profile-protocol-options PROXY_FILTER

set ssl-ssh-profile SSL_FILTER_CERT

set ips-sensor IPS_FILTER

set application-list APP_FILTER

set inspection-mode flow

set internet-service disable

set nat disable

set logtraffic all

set schedule always

I can run this script successfully. No errors. However in the gui the policy does not contain the APP and IPS filters?

Any hint?

AEK · ‎09-24-2024

Hi

Can you try add "set utm-status enable"?

AEK

AEK · ‎09-24-2024

Hi

Can you try add "set utm-status enable"?

AEK

johnathan · ‎09-24-2024

What is the FortiGate version? I can see that App Ctrl may be hidden on 7.6.0 unintentionally: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Application-control-not-visible-in-t...

Regarding IPS, you probably just need to go to Feature Visibility and turn 'IPS' on.

"Never trust a computer you can't throw out a window."

pnobels · ‎09-25-2024

Hi,

adding "set utm-status enable" solves the issue. Thx!

Nominate a Forum Post for Knowledge Article Creation