Technical Tip: Display the Iprope table for an application signature ID

Description

This article describes how to display the Iprope table for an application signature ID.

Scope

FortiGate.

Solution

Follow the syntax below to view the Iprope table associated with any signature ID:

get firewall iprope appctrl list | grep -f <application id>

For example, 31077 is the application ID for Youtube access.

To check this over the CLI, execute the following command:

get firewall iprope appctrl list | grep -f 31077
  app-id=31077      list-id=2000  action=Pass      <-----
  app-id=31077      list-id=2001  action=Pass      <-----
  app-id=31077      list-id=2002  action=Pass      <-----
  app-id=31077      list-id=2003  action=Pass      <-----
  app-id=31077      list-id=2004  action=Pass      <-----
  app-id=31077      list-id=2005  action=Block     <-----

From the example, the YouTube application is blocked in one of the application control profiles and allowed for other profiles.

Note:

Versions v5.0 up to v6.4 are out of engineering support, so these commands may be different on higher versions. Consider upgrading the firmware level on the device to a supported version (v7.0 up to v7.6). Check the firmware path and compatibility depending on the hardware with the Upgrade Path Tool Table - FortiGate.