Hi, noticed something unexpected today. Internet access for specific host is blocked based on app filter. When checking the UTM blocked rule i see it's actually blocked because of : However, when viewing the APP_FILTER cloud.IT is only set to monitor : Could be blocked on one of the overrides, but i see no further info in the Analyzer logs on which override.Is there any way to debug this further?

New Member

Solved

APP_FILTER blocking connection altough category set to monitor

Forum|Forum|1 year ago
December 5, 2024
3 replies
1105 views

Hi,

noticed something unexpected today.

Internet access for specific host is blocked based on app filter. When checking the UTM blocked rule i see it's actually blocked because of :

Screenshot 2024-12-05 160753.png

However, when viewing the APP_FILTER cloud.IT is only set to monitor :

Screenshot 2024-12-05 161415.png

Could be blocked on one of the overrides, but i see no further info in the Analyzer logs on which override.

Is there any way to debug this further?

FortiGate

Best answer by pminarik

While Cloud.IT is set to monitor, your override rule #5 says to block Botnet, Evasive, and Tunneling. ForcePoint.Cloud.Proxy matches this with the Tunneling flag.

sjoshi

Staff

is that host using proxy to connect internet?

Thanks, Salon

pnobelsAuthor

New Member

no proxy is used

sjoshi

Staff

it is being blocked by force point cloud proxy

can you allow that app signature and put it on top under app override rule

Thanks, Salon

pnobelsAuthor

New Member

It works by allowing the forcepoint cloud proxy app signature as an override. But does not explain why it's blocked originally since cloud.IT is set to monitor only...

pminarikAnswer

Staff

While Cloud.IT is set to monitor, your override rule #5 says to block Botnet, Evasive, and Tunneling. ForcePoint.Cloud.Proxy matches this with the Tunneling flag.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded