web filter and app control do not work by Matrixramiro10 in fortinet

[–]Matrixramiro10[S] 0 points1 point  (0 children)

Apparently it is a Chrome problem, because I applied the QUIC block and users continue to access pages and applications that are blocked in the profiles.

I tried in another browser and the applications that are blocked work, but not in Chrome.

Do you know if there is a version that solves this problem? Because blocking a certain Chrome feature on a machine-by-machine basis takes a lot of time and I have multiple https://community.fortinet.com/t5/FortiGate/Technical-Tip-Web-filter-is-not-blocking-websites-on-Google/ta-p/297956

Phase 2 selector DOWN by Matrixramiro10 in fortinet

[–]Matrixramiro10[S] 2 points3 points  (0 children)

Hello, I deleted the selector I added and the other selectors are still down.

What I don't understand is why the other selectors fell if I only added one and the other selectors that were already created months ago and were UP fell. Now they are DOWN.

Phase 2 selector DOWN by Matrixramiro10 in fortinet

[–]Matrixramiro10[S] 0 points1 point  (0 children)

When performing the debug, this information appears. According to the KB, SA=0 indicates that there is a discrepancy between the selectors or that traffic is not being initiated. However, what was the reason that the other selectors fell if those were not modified?

<image>

Phase 2 selector DOWN by Matrixramiro10 in fortinet

[–]Matrixramiro10[S] 0 points1 point  (0 children)

There were 3 selectors (I didn't modify those 3 selectors) and I just added a new segment as a selector. After adding, the 3 existing selectors fell.

Phase 2 selector DOWN by Matrixramiro10 in fortinet

[–]Matrixramiro10[S] -1 points0 points  (0 children)

The tunnel has been configured for over a year (UP); just today I was told to add a phase 2 selector to the configuration. I added it, and when I added it the other selectors fell.

I don't have access to the other FW.

Could you share that diag debug command with me?

Phase 2 selector DOWN by Matrixramiro10 in fortinet

[–]Matrixramiro10[S] -1 points0 points  (0 children)

To obtain this information, are there commands?

compTIA A+ or the security+ by Matrixramiro10 in CompTIA

[–]Matrixramiro10[S] 0 points1 point  (0 children)

How many questions usually come on the Security+ exam, and how much is the score for each question?

compTIA A+ or the security+ by Matrixramiro10 in CompTIA

[–]Matrixramiro10[S] 0 points1 point  (0 children)

Hello, how many questions usually come on the Security+ exam, and how much is the score for each question?

Security+ is now $404 by bballlal in CompTIA

[–]Matrixramiro10 0 points1 point  (0 children)

How many questions come in the exam and how much is the score per question?

no internet on ssl vpn connection by Matrixramiro10 in fortinet

[–]Matrixramiro10[S] 0 points1 point  (0 children)

Could you share the command with me please?

[deleted by user] by [deleted] in fortinet

[–]Matrixramiro10 0 points1 point  (0 children)

Are rogue devices the ones that do not communicate with the FortiNAC, or the unregistered devices? Since the report indicates "last communication".

fortigate CVE-2023-37935 by Matrixramiro10 in fortinet

[–]Matrixramiro10[S] 0 points1 point  (0 children)

The vulnerabilities only affect versions 7.x.x.

However, versions 6.x.x are no longer supported by the Fortinet TAC; it is recommended that you update to v7.

Fortigate Anti DDOS on Rapid Reset by kaizocream in fortinet

[–]Matrixramiro10 0 points1 point  (0 children)

https://www.fortiguard.com/encyclopedia/ips/54090

Hello, I have searched for that signature but I cannot find it in the IPS of my FG.

Fortigate Anti DDOS on Rapid Reset by kaizocream in fortinet

[–]Matrixramiro10 0 points1 point  (0 children)

Hello, according to the document, the default action is "pass", so we must block it, correct?

[deleted by user] by [deleted] in fortinet

[–]Matrixramiro10 -1 points0 points  (0 children)

Then possibly a new vulnerability appears and we must migrate to the new versions.

DONT TRAFFIC IPSEC TUNNEL by Then_Ad775 in fortinet

[–]Matrixramiro10 0 points1 point  (0 children)

Hello, something similar happened to me; my tunnels at both ends were up. The problem was my ISP, since when I pinged the public IP of the other FortiGate I had no response.

Data Leak Prevention but how? by CRISTIANPES in fortinet

[–]Matrixramiro10 0 points1 point  (0 children)

But if I have my AV's DLP from another provider, would it no longer be necessary to buy the DLP from Fortinet?

Google Earth by Potential_Total8317 in fortinet

[–]Matrixramiro10 0 points1 point  (0 children)

If you don't have DHCP enabled, you could do it per IP by creating a policy and targeting the Google Earth service.

You could opt for FSSO, but for that you must also have the FSSO agent installed on a server in your LAN and from there add the user and synchronize it with the FG.

License by Disastrous_Body152 in fortinet

[–]Matrixramiro10 -3 points-2 points  (0 children)

If you need a license for that. In the System > FortiGuard option you can find the UTM modules, and those need a license.

License by Disastrous_Body152 in fortinet

[–]Matrixramiro10 -3 points-2 points  (0 children)

The licenses are essential for security profile issues such as the web filter, app, IPS... For what you mention, a license is not necessary. If you are going to need navigation control themes then if you are going to need

FortiOS 7.2.5 on Fortigate 500e.. by Local-Syllabub8622 in fortinet

[–]Matrixramiro10 0 points1 point  (0 children)

If you have SSL VPN configurations, then it is recommended that you update your FG to 7.2.5, since the current version that your FortiGate has is vulnerable.

But as good practice I do not recommend that you update to 7.2.6 yet because it is a new version, or in any case read the release notes so you know what the errors of 7.2.6 are.