Staff

Troubleshooting Tip: Block Remote Access Category when TLS is allowed in Application and Filter Overrides

Forum|Forum|10 months ago
July 11, 2025
0 replies
708 views

Description

This article explains how to block Remote Access Category by Application Control profile when TLS is allowed in Application and Filter Overrides.

Scope

FortiGate.

Solution

In the below Application Control Profile, the Remote Access Category is blocked, and TLS is allowed:

Even when the Remote Access category is blocked, the AnyDesk application is allowed in the following logs:

To block Remote Access Category even when TLS is allowed in Application and Filter Overrides.

Add another rule under the 'Application and Filter Overrides' section, select 'Create New' in this section, select the 'Filter' type at the top of the 'Add New Override' panel. Add the 'Remote Access' category in the 'Filter' entry and select 'OK' to create the new rule.

Select all the popularity (selected 1 star to 5 stars) to avoid the error messages:

Rem-3.1.png

Make sure the newly created rule is placed with a higher priority than the TLS rule:

Afterwards AnyDesk application will be blocked by the Remote Access Category:

Note the order of inspection in the application Control. Initially, it checks the Application and Filter Overrides in the top to bottom order of the list, then it checks the categories.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded