Grouping for Policy and security profiles

Pany
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/09/24 00:29:01
  • Status: offline
2019/09/24 01:07:08 (permalink)
0

Grouping for Policy and security profiles

We have many policies and security profiles that we need to manage; please add a grouping feature for both.
#1


    Toshi Esumi
    Expert Member
    • Total Posts : 1751
    • Scores: 143
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Grouping for Policy and security profiles 2019/09/24 09:20:07 (permalink)
    0
    At least the security profile grouping feature already exists under "config firewall profile-group".
    #2
    Pany
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/09/24 00:29:01
    • Status: offline
    Re: Grouping for Policy and security profiles 2019/09/24 19:18:56 (permalink)
    0
    I cannot find "config firewall profile-group" on my firewall. I could only find some results online saying it can be enabled in the CLI, but after enabling it, there is no change on my firewall. Please help.


    #3
    Toshi Esumi
    Expert Member
    • Total Posts : 1751
    • Scores: 143
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Grouping for Policy and security profiles 2019/09/24 19:31:04 (permalink)
    0
    Follow this to enable it in the GUI. Then the "Profile Groups" sub-menu shows up under the "Security Profiles" menu.
    https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-firewall/Concepts%20-%20Firewall/Making%20Security%20Profile%20groups%20visible%20in%20the%20GUI.htm
    Be aware that "config sys settings" is a per-vdom config, in case you're in a multi-vdom environment.
    #4
    ede_pfau
    Expert Member
    • Total Posts : 6097
    • Scores: 490
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: Grouping for Policy and security profiles 2019/09/25 10:37:49 (permalink)
    5 (1)
    Depending on the version of FortiOS, sometimes you need to put in the group commands in CLI in one policy before it shows up in the GUI.
    I've even had the case where I knew I had inserted the CLI commands and it never showed in the GUI.
    Example:
    config firewall profile-group
        edit "win_clients"
            set av-profile "scan"
            set dnsfilter-profile "default"
            set ips-sensor "anti-ransom"
            set application-list "block-botnet&P2P"
            set profile-protocol-options "custom-default"
            set ssl-ssh-profile "my_certificate-inspection"
        next
    end
    config firewall policy
        edit 3
            set srcintf "WLAN-Gast"
            set dstintf "wan1"
            set srcaddr "WLAN-Gast"
            set dstaddr "all"
            set action accept
            set schedule "workinghours"
            set service "Gast-Services"
            set utm-status enable
            set profile-type group
            set profile-group "win_clients"
            set nat enable
        next
    end





    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #5
    KPS
    Silver Member
    • Total Posts : 99
    • Scores: 1
    • Reward points: 0
    • Joined: 2017/03/08 05:40:39
    • Status: offline
    Re: Grouping for Policy and security profiles 2019/09/25 14:42:20 (permalink)
    0
    There are already "sequences" for policies, but I totally agree: groups, chains, etc. would help a lot for larger rule-sets.
    #6