Security Profile Groups

Have you ever configured a bunch of policies that use the same security profiles in FortiGate but suffer from click fattigue?  Well you may like this nifty feature in FortiOS.

Use case:  You want to standardize your security profiles assigned to most of your inbound or outbound connections.  Rather than having to click on the various Security Profile options and then choose the drop down on each, you want an easier way of doing this.

First things first, we need to head over to the cli of the FortiGate.

We can see in the screenshot above, that:

1. We can see that gui-security-profile-group Is, by default disabled. You can do this by typing the show full | grep gui-secur command and then enter.
2. We need to go to config system settings and enable it, by typing set gui-security-profile-group enable
3. When we run a second show command, we can see it is now enabled.

NOTE:  Make sure you type end after enabling the feature.

Before the feature was enabled, we did not have a Profile Groups section under the Security Profiles on the FortiGate.

After you enable it, you will see that the GUI now shows the Profile Group

NOTE:  You will need to refresh your browser and possible log back in.

For this article I created multiple Security Profiles and prepended  LAB

Now lets create a Security Profile Group

Now when you create a policy, you will now see and additional option available.

We will now use our newly created Security Profile Group In the policy.

Hope this helps