Technical Tip: How to clear false positive value in application control
Description
This article describes how to clear false positive value in application control.
Solution
- Make sure that the traffic hits the correct firewall policy ID.
- Make sure that the application license is up-to-date.
Solution.
- In some situation, notice that in application control logs, FortiGate detects the wrong application.
- For example, in the testing PC, only Lotus note traffic to test, but in application control log, it shows as Bittorrent log.
- It is possible that after Bittorrent signature has been triggered, the IP address of the destination will be in the black lists.
Any sub sequence connection to the same destination IP address with be blocked.
Consider to run the CLI command as below to clear or unblock those server IP address.
Then application control will detect the correct application again.
Run the following CLI command to fix the issue:
This article describes how to clear false positive value in application control.
Solution
- Make sure that the traffic hits the correct firewall policy ID.
- Make sure that the application license is up-to-date.
Solution.
- In some situation, notice that in application control logs, FortiGate detects the wrong application.
- For example, in the testing PC, only Lotus note traffic to test, but in application control log, it shows as Bittorrent log.
- It is possible that after Bittorrent signature has been triggered, the IP address of the destination will be in the black lists.
Any sub sequence connection to the same destination IP address with be blocked.
Consider to run the CLI command as below to clear or unblock those server IP address.
Then application control will detect the correct application again.
Run the following CLI command to fix the issue:
# diagnose ips share clear exp_bt