NGFW mode unavailable to change

matheusbpedro · ‎06-06-2023

I`m trying to get the certificate NSE4, but in the training (CBT Nuggets) have a NGFW option in the last version 7.0.10 I made this change without problems
System > Settings > NGFW Mode
Now, in version 7.0.11 I didnt find this options in the same section, print attached Version 7.0.11Version 7.0.10
Someone can help me?

Yurisk · ‎06-07-2023

You got the wrong VM image - you installed FortiFirewall, but you need FortiGate.

Output of free licensed VM Fortigate, see the name after Version:

FGT-7-2-2 # get sys stat
Version: FortiGate-VM64 v7.2.2,build1255,220930 (GA.F)
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2001-01-01 00:00)
Serial-Number: FGVMEV_ATFDMNL66
License Status: Valid
VM Resources: 1 CPU/1 allowed, 2007 MB RAM/2048 MB allowed

More on difference https://community.fortinet.com/t5/Support-Forum/What-is-FortiFirewall/td-p/222567

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.

View solution in original post

srajeswaran · ‎06-07-2023

Do you have VDOMs enabled? Can you check from the CLI?

To enable policy-based NGFW mode without VDOMs in the CLI:

config system settings
    set ngfw-mode policy-based
end

To enable policy-based NGFW mode with VDOMs in the CLI:

config vdom
    edit <vdom>
        config system settings
            set ngfw-mode policy-based
        end
    next
end

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

matheusbpedro · ‎06-07-2023

Hi Suraj,

I try your comment in my VM, but it looks like all commands that you sent in this version didnt work, see below:

srajeswaran · ‎06-07-2023

Can you share below outputs?

get system status

get system settings | grep ngfw

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

matheusbpedro · ‎06-07-2023

Here is

srajeswaran · ‎06-07-2023

I tested the behavior on 7.0.11 VM and I can see the NGFW option. Can you try to reinstall the VM and test ?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Yurisk · ‎06-07-2023

You got the wrong VM image - you installed FortiFirewall, but you need FortiGate.

Output of free licensed VM Fortigate, see the name after Version:

FGT-7-2-2 # get sys stat
Version: FortiGate-VM64 v7.2.2,build1255,220930 (GA.F)
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2001-01-01 00:00)
Serial-Number: FGVMEV_ATFDMNL66
License Status: Valid
VM Resources: 1 CPU/1 allowed, 2007 MB RAM/2048 MB allowed

More on difference https://community.fortinet.com/t5/Support-Forum/What-is-FortiFirewall/td-p/222567

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.

srajeswaran · ‎06-08-2023

That's a great catch.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

matheusbpedro · ‎06-08-2023

Thanks so much, I just downloaded the first new deploy from VM Images, and now I noticed it.

Once more, thanks! You helped a lot.

Yurisk · ‎06-07-2023

Try changing on CLI as @srajeswaran mentioned above, or try to delete all cookies/enter in Incognito mode of the browser. This setting is for there and didn't move, seems like a browser thing.

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.