Fortigate – change inspection mode on vdoms

glitchlist

Starting with FortiOS 5.6, the default inspection mode is flow-based. That is useful for applying application policies, but if you do VoIP inspection (particularly SIP…) you have more options in proxy mode.

The change has no impact on the VDOM infrastructure, but you have to pay attention to some policies that change depending on the inspection mode.

So go under Global > System > VDOM, select Edit and click on Inspection Mode Proxy. Finally, Apply.

Very important: access the VDOM administration through SSH and reset all sessions (very fast and painless 😉)

fortigate-lab01 # 
fortigate-lab01 # config vdom
fortigate-lab01 (vdom) # edit testVDOM 
current vf=testVDOM:9
fortigate-lab01 (testVDOM) # diagnose sys session clear  
fortigate-lab01 # 
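
The same change made entirely from the CLI, as an added example that is not part of the original post: on FortiOS 5.6 the per-VDOM inspection mode is the `inspection-mode` option under `config system settings`. It reuses the post's `testVDOM` name and checks the session count before and after the reset.

```fortios
# Added example, not from the original post. Assumes FortiOS 5.6 with VDOMs
# enabled and the post's VDOM name, testVDOM.
config vdom
edit testVDOM
config system settings
    set inspection-mode proxy
end
# Confirm the mode now in effect for this VDOM
get system settings | grep inspection-mode
# Session count before the reset
diagnose sys session stat
# Drop any leftover session filter so the clear applies to every session in this VDOM
diagnose sys session filter clear
diagnose sys session clear
# Session count after the reset
diagnose sys session stat
end
```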

.glitchlist crew
