AnsweredHot!CASI feature not visible in proxy-based inspection mode

Author
fjulianom
Silver Member
  • Total Posts : 101
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/10/11 07:05:08
  • Status: offline
2017/11/01 14:26:03 (permalink)
0

CASI feature not visible in proxy-based inspection mode

Hi guys,
 
When trying to activate the CASI feature I noticed it is not visible under System > Feature Visibility. My Fortigate is working in proxy-based mode, but the NSE4 course says it is OK:
 

 
However, the Fortinet Help says the following:
 
Unfortunately CASI does not work when using Proxy-based profiles for AV or Web filtering for example.
Make sure to only use Flow-based profiles in combination with CASI on a specific policy.
http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_CASI.htm
 
But I am not sure if that means CASI doesn't work with proxy-based mode at all or if it can be used within a profile without proxy profile.
 
What do you think about this? By the way, I am running firmware v5.6.2.
 
Regards,
Julián
 

Attached Image(s)

#1
bommi
Gold Member
  • Total Posts : 122
  • Scores: 10
  • Reward points: 0
  • Joined: 2016/08/03 03:42:49
  • Location: Germany
  • Status: offline
Re: CASI feature not visible in proxy-based inspection mode 2017/11/01 15:41:55 (permalink) ☼ Best Answerby fjulianom 2017/11/02 09:45:06
0
Hi,
 
the CASI "feature" has been removed from 5.6.
You can get the same functionality using the application control profiles.
 
Regards
bommi
#2
fjulianom
Silver Member
  • Total Posts : 101
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/10/11 07:05:08
  • Status: offline
Re: CASI feature not visible in proxy-based inspection mode 2017/11/02 09:45:38 (permalink)
0
Hi Bommi,
 
Ok, many thanks for clarifying!
 
Regards,
Julián
#3
fjulianom
Silver Member
  • Total Posts : 101
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/10/11 07:05:08
  • Status: offline
Re: CASI feature not visible in proxy-based inspection mode 2018/01/18 12:27:52 (permalink)
0
Hi Bommi,
 
Within the Application Control profile I can see a warning which says "97 Cloud Applications require deep inspection", which matches with NSE4 when says "When applying a CASI profile to a firewall policy, enable deep inspection in the firewall policy as CASI is basically doing deep inspection of cloud applications."
 

 
 
How can I know what applications requiere deep inspection? Because I am not applying deep inspection and my application controls works fine.
 
Regards,
Julián

Attached Image(s)

#4
fjulianom
Silver Member
  • Total Posts : 101
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/10/11 07:05:08
  • Status: offline
Re: CASI feature not visible in proxy-based inspection mode 2018/01/29 04:42:47 (permalink)
0
Hi guys,
 
Any idea?
 
Regards,
Julián
#5
Jump to:
© 2018 APG vNext Commercial Version 5.5