Technical Tip: Application control detects the application type, but does not block it if the FQDN is in the exempt list of the deep inspection profile
| Description | This article describes that the application control detects the application type, but does not block it if the FQDN is in the exempt list of the deep inspection profile. |
| Scope | FortiOS. |
| Solution | If an FQDN (for example sls.update.microsoft.com) used by an application (Windows Update) is included in the exempt list of the deep inspection profile, that application will not be blocked by the Application Control Profile, even though it will be identified properly.
The reason behind it is the fact that the Exempt list in the deep inspection profile has more priority compared to the Block/Reset action of the Application Control. |