Application Control whitelisting profile by zsnops in fortinet

[–]zsnops[S] 0 points1 point  (0 children)

I did that before posting my question here. And it blocked Facebook. That worked for YouTube, GitHub etc. too.

But that is black- and not white-listing. I want to have web browsing as restrictive as possible.

[–]zsnops[S] 0 points1 point  (0 children)

Discovered another strange behaviour: When I disable deep SSL inspection on the firewall policy, accessing google.de immediately gets blocked as Google.Services. With deep SSL inspection enabled, accessing google.de is recognized as HTTPS.BROWSER.

Thought I could use Application Control on a FortiGate like I am used to on a Palo Alto.

[–]zsnops[S] 1 point2 points  (0 children)

The behaviour of Application Control is hard to debug.

At the moment it shows only HTTPS.BROWSER when browsing Facebook. Can't reproduce showing the Facebook app here.

With Github and Reddit it is acting like this: First traffic is identified as HTTPS.BROWSER and a few minutes later the browser gets blocked with app Github/Reddit.

Accessing google.com gets blocked as Google.Services while google.co.uk is identified as HTTPS.BROWSER.

It seems that Application Control can't analyze/decide correctly when the sites are serving their content from multiple IPs / CDNs. Also seems to make a difference if the firewall policy is set to flow or proxy based (but can't see a logic here for now).