Created on 09-27-2020 06:57 PM Edited on 02-05-2024 01:40 AM By Jean-Philippe_P
Description
This article explains why security profiles such as AV, Webfilter, Email filter and File filter are missing on a newly created firewall policy after the upgrade to v6.4.x.
Solution
Starting from FortiOS v6.2, inspection mode is configured per firewall policy: each firewall policy can be set to Flow-based or Proxy-based Inspection Mode.
From FortiOS v6.4, an enhancement also allows Flow-based or Proxy-based inspection mode to be chosen on individual security profiles.
Select the feature set option (flow-based/proxy-based) on the security profile that matches the inspection mode chosen in the firewall policy.
If flow-based inspection mode is chosen on a newly created firewall policy, it is advisable to select the Flow-based feature set in order to enable this security profile in the firewall policy. For a firewall policy in proxy-based inspection mode, select the Proxy-based feature set.
Note:
After the firmware upgrade to v6.4.x, if FortiGate converted a security profile to the Proxy-based feature set, the profile will not be available/visible for use on Flow-based firewall policies. In such cases, create a new security profile with the flow-based feature set and apply it to the Flow-based firewall policy.
To learn how FortiGate converts the feature set of security profiles on the existing firewall policies post upgrade from v6.2.x to v6.4.x, please refer to the release notes.
https://docs.fortinet.com/document/fortigate/6.4.0/new-features/857402/security-profiles-enhancement...
Upgrade support.
Upgrading from 6.2.x to 6.4.0 causes the following changes to security profiles.
| Upgrade scenario | Result after upgrade |
|---|---|
| Profile was assigned exclusively to flow-based firewall policies in 6.2.x. | feature-set = flow |
| Profile was assigned exclusively to proxy-based firewall policies in 6.2.x. | feature-set = proxy |
| Profile was assigned to both flow-based and proxy-based firewall policies in 6.2.x. | feature-set = proxy |
| Profile was not assigned to any firewall policies in 6.2.x. | feature-set = flow |
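The upgrade table above can be applied to a 6.2.x configuration before upgrading, to see which flow-based policies reference a profile that will be converted to proxy. The following is an added example, not Fortinet code. The sample configuration, the profile inventory, the function names and the subset of profile keys are constructed for illustration, and a policy without an `inspection-mode` line is assumed to be flow-based.

```python
from collections import defaultdict
# Policy keys that reference profiles carrying a feature-set (assumed subset).
PROFILE_KEYS = {"av-profile", "webfilter-profile", "emailfilter-profile"}
# Constructed sample of a 6.2.x "config firewall policy" section.
SAMPLE_POLICIES = """
config firewall policy
    edit 1
        set inspection-mode proxy
        set av-profile "av-shared"
        set webfilter-profile "wf-proxy-only"
    next
    edit 2
        set av-profile "av-shared"
        set webfilter-profile "wf-flow-only"
    next
end
"""
# Constructed inventory of every defined profile, including one never assigned.
ALL_PROFILES = {("av-profile", "av-shared"), ("av-profile", "av-unused"),
                ("webfilter-profile", "wf-proxy-only"), ("webfilter-profile", "wf-flow-only")}

def parse_policies(text):
    """Return {id: {"mode", "profiles"}}; a missing inspection-mode is assumed flow."""
    policies, current = {}, None
    for line in text.splitlines():
        tok = line.split(None, 2)
        if len(tok) >= 2 and tok[0] == "edit":
            current = policies.setdefault(int(tok[1]), {"mode": "flow", "profiles": set()})
        elif len(tok) == 3 and tok[0] == "set" and current is not None:
            if tok[1] == "inspection-mode":
                current["mode"] = tok[2].strip()
            elif tok[1] in PROFILE_KEYS:
                current["profiles"].add((tok[1], tok[2].strip().strip('"')))
    return policies

def predict_feature_sets(policies, all_profiles):
    """Apply the upgrade table: any proxy use -> proxy, otherwise flow."""
    used_in = defaultdict(set)
    for pol in policies.values():
        for prof in pol["profiles"]:
            used_in[prof].add(pol["mode"])
    return {p: "proxy" if "proxy" in used_in[p] else "flow"
            for p in set(all_profiles) | set(used_in)}

def flow_policies_to_review(policies, feature_sets):
    """Flow-based policies referencing a profile that converts to proxy."""
    return sorted((pid, key, name) for pid, pol in policies.items()
                  if pol["mode"] == "flow" for key, name in pol["profiles"]
                  if feature_sets[(key, name)] == "proxy")
```

Each tuple returned by `flow_policies_to_review` names a flow-based policy and a shared profile for which a new flow-based profile should be prepared.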