Information
Ensure that all security policies in effect clearly state which protocols / services they are allowing.
Rationale:
This is to make sure that the firewall do not allow traffic with unauthorized protocols/services by mistake.
Solution
This is an example showing how to modify policy with ID of 2 to change the service from 'ALL' to FTP and SNMP.
In CLI:
FGT1 # config firewall policy
FGT1 (policy) # edit 2
FGT1 (2) # set service 'FTP' 'SNMP'
FGT1 (2) # end
FGT1 #
In the GUI,
1. Go to Policy & Objects.
2. Click on Firewall Policy.
3. Select the policy, click 'Edit'.
4. In the Service section, click on it and select FTP and SNMP. Click OK.
Default Value:
By default, all new policy will have 'ALL' in its service field.