
How to fix cannot change Service ‘Specify’ to ‘App Default’ in FortiGate policy-based mode

This article describes an issue that occurs in FortiGate v7.4.2 and v7.4.3. It affects only FortiGates running in Policy-Based NGFW mode.

In the example, a Security Policy (FortiGate in Policy-Based NGFW mode) has Service set to ‘ALL’ (via the ‘Specify’ option), but the policy needs to be edited to allow only certain Application Signatures.

When ‘App Default’ is selected to define the application(s) used in the Security Policy (2Flex in this example), selecting ‘OK’ to submit the change does not save the configuration, and the error below appears:

‘Empty values are not allowed.The attribute can`t be empty!’.

Scope

FortiGate v7.4.

Solution

Upgrade to v7.4.4, which has a fix for this issue: 988029: On FortiGate, when in policy-based mode, the Service of a security policy cannot be changed from Specify to App Default.

Resolved issues

If it is not possible to upgrade at the moment, edit the security policy in the CLI as below:

config firewall security-policy
    edit X    <----- Firewall policy ID.
        set enforce-default-app-port enable
end

Then, in the GUI, select ‘App Default’ and choose the applications to include.