NGFW Policy Mode (371602)
You can operate your FortiGate or individual VDOMs in Next Generation Firewall (NGFW) Policy Mode.
You can enable NGFW policy mode by going to System > Settings, setting the Inspection mode to Flow-based and setting the NGFW mode to Policy-based. When you select NGFW policy-based mode, you also select the SSL/SSH Inspection mode that is applied to all policies.
Flow-based inspection with profile-based NGFW mode is the default in FortiOS 5.6.
Or use the following CLI command:
config system settings
    set inspection-mode flow
    set policy-mode {standard | ngfw}
end
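The following added example (not Fortinet code) reads a configuration backup and reports, per VDOM, whether it runs in NGFW policy mode using the two settings shown above. It assumes the usual `config vdom` / `edit <name>` backup layout, that a setting missing from the backup has the default stated on this page, and that `proxy` is the other `inspection-mode` value; the sample configuration is constructed.

```python
# Defaults as stated on this page: flow-based inspection, profile-based
# ("standard") NGFW mode. Settings absent from a backup are assumed default.
DEFAULTS = {"inspection-mode": "flow", "policy-mode": "standard"}

# Constructed sample in the layout of a multi-VDOM configuration backup.
SAMPLE = """\
config vdom
edit root
config system settings
    set inspection-mode flow
    set policy-mode ngfw
end
next
edit dmz
config system settings
    set inspection-mode proxy
end
next
edit guest
config system settings
    set inspection-mode proxy
    set policy-mode ngfw
end
next
end
"""

def ngfw_modes(config_text):
    """Return {vdom: {"inspection-mode": ..., "policy-mode": ...}}."""
    modes, stack, vdom = {}, [], "root"   # "root" covers non-VDOM backups
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            stack.append(" ".join(words[1:]))
            if stack[-1] == "system settings":
                modes.setdefault(vdom, dict(DEFAULTS))
        elif words[0] == "end" and stack:
            stack.pop()
        elif words[0] == "edit" and stack == ["vdom"] and len(words) > 1:
            vdom = words[1].strip('"')    # VDOM names sit directly under "config vdom"
        elif (words[0] == "set" and len(words) >= 3 and stack
              and stack[-1] == "system settings" and words[1] in DEFAULTS):
            modes[vdom][words[1]] = words[2]
    return modes

def review(config_text):
    """Classify each VDOM; NGFW policy mode requires flow-based inspection."""
    out = {}
    for vdom, s in ngfw_modes(config_text).items():
        if s["policy-mode"] != "ngfw":
            out[vdom] = "profile-based"
        else:
            out[vdom] = "ngfw-policy" if s["inspection-mode"] == "flow" else "inconsistent"
    return out
```

A VDOM reported as `inconsistent` has `policy-mode ngfw` recorded without flow-based inspection, which does not match the procedure above and is worth checking against the live device.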
NGFW policy mode and NAT
If your FortiGate is operating in NAT mode, rather than enabling source NAT in individual NGFW policies, you go to Policy & Objects > Central SNAT and add source NAT policies that apply to all matching traffic. In many cases you may only need one SNAT policy for each interface pair. For example, if you allow users on the internal network (connected to port1) to browse the Internet (connected to port2), you can add a port1 to port2 Central SNAT policy similar to the following:
Application control in NGFW policy mode
You configure Application Control simply by adding individual applications to security policies. You can set the action to accept or deny to allow or block the applications.
Web Filtering in NGFW mode
You configure Web Filtering by adding URL categories to security policies. You can set the action to accept or deny to allow or block the URL categories.
Other NGFW policy mode options
You can also combine application control and web filtering in the same NGFW policy mode policy. If the policy accepts applications or URL categories, you can also apply Antivirus, DNS Filtering, and IPS profiles in NGFW mode policies, as well as logging and policy learning mode.
New FortiView Endpoint Vulnerability Scanner chart (378647)