FortiGate
gakshay
Staff
Article Id 194009

Description


This article explains how editing an IPv4 policy from the GUI affects its FSSO setting: opening the policy in the GUI and clicking 'OK', without changing any existing settings, disables FSSO on that policy.

Scope


FortiGate

Solution


Follow the steps below:

1) Edit the IPv4 policy from the CLI and set FSSO to its default setting.

 

# config firewall policy
edit 5
set name "Fsso Policy"
set uuid 1fb03232-ccaf-51e9-0a90-e44b439ef138
set srcintf "port1"
set dstintf "port2"
set srcaddr "all"
set dstaddr "all"
set action accept
set status enable
set schedule "always"
set schedule-timeout disable
set service "ALL"
set fsso enable <===========
set nat enable
next
end

 

2) Edit the policy from GUI and do not edit any existing settings, click on 'OK'


3) Check the IPv4 policy from the CLI again: after the GUI edit, the FSSO setting is disabled.
 
# config firewall policy
edit 5
set name "Fsso Policy"
set uuid 1fb03232-ccaf-51e9-0a90-e44b439ef138
set srcintf "port1"
set dstintf "port2"
set srcaddr "all"
set dstaddr "all"
set action accept
set status enable
set schedule "always"
set schedule-timeout disable
set service "ALL"
set fsso disable <===========
set nat enable
next
end
 
Editing the IPv4 policy from the GUI disables the FSSO setting even though the default FSSO setting is enabled.
Do not use the GUI to edit an IPv4 policy on which the default FSSO setting is enabled.
Always use the CLI to create and edit an IPv4 policy on which the default FSSO setting is to be enabled; doing so does not change the current FSSO setting to disable.
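
One way to catch this change after the fact, as an added example (not Fortinet's code): compare a configuration backup taken before a GUI edit with one taken afterwards and list the policies whose fsso value became disable. The sample configs and the function names are constructed for illustration, and policy entries are assumed to contain no nested config blocks.

```python
import re

# Constructed sample configs modeled on the policy in this article (not real backups).
BEFORE = """\
config firewall policy
    edit 5
        set name "Fsso Policy"
        set fsso enable
        set nat enable
    next
    edit 6
        set name "Other Policy"
        set fsso enable
    next
end
"""
# Policy 5 after the GUI edit described above: only its fsso value differs.
AFTER = BEFORE.replace("set fsso enable", "set fsso disable", 1)


def fsso_by_policy(config_text):
    """Map policy id -> {"name", "fsso"} from a 'config firewall policy' section."""
    policies, in_section, current = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate a pasted '#' prompt
        if line == "config firewall policy":
            in_section = True
        elif in_section and current is None and line == "end":
            in_section = False
        elif in_section and (m := re.fullmatch(r"edit (\d+)", line)):
            current = int(m.group(1))
            policies[current] = {"name": "", "fsso": None}
        elif current is not None and line == "next":
            current = None
        elif current is not None and (m := re.match(r'set (name|fsso) ("[^"]*"|\S+)', line)):
            policies[current][m.group(1)] = m.group(2).strip('"')
    return policies


def fsso_disabled_drift(before_text, after_text):
    """Policies present in both configs whose fsso value became 'disable'."""
    before, after = fsso_by_policy(before_text), fsso_by_policy(after_text)
    # A missing 'set fsso' line is treated as "not disabled" (assumption).
    return [(pid, after[pid]["name"]) for pid in sorted(before.keys() & after.keys())
            if after[pid]["fsso"] == "disable" and before[pid]["fsso"] != "disable"]


if __name__ == "__main__":
    print(fsso_disabled_drift(BEFORE, AFTER))
```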