istro_jp
Visitor III
November 28, 2025
Question

Fortigate block-high-risk applist gets accepted anyway


Hello guys,

 

I stumbled into the FortiGate logs from an external client which needed some analysis. I've checked the logs and there was the value applist="block-high-risk" associated with a public "grey area" application, but the action was action="accept", which might indicate that even though the connection was flagged, the connection was allowed anyway?


1 reply

Demir25
New Member
November 28, 2025

Can you provide more information on the problem? It is not possible to help further with the information provided. What is the traffic flow? What do you want to achieve? What are your actual configurations?

istro_jp (Author)
Visitor III
November 28, 2025

I don't have any configuration available, just logs, but I've figured it out: there is a field named utmaction= where I found that just the application BitTorrent is explicitly blocked and visible. When I tried the application which I was referring to before (it was Telegram), it was allowed, so that means Telegram is allowed even when there is an applist="block-high-risk" field in the log entry. applist="block-high-risk" seems to be the default block list per the documentation.
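
The field relationship worked out in this thread, as an added example that is not part of the original posts: a small triage script that classifies each log entry by utmaction rather than by the applist profile name. The sample lines are constructed, and the utmaction/action values treated as blocking ("block", "reset", "deny") are assumptions to adjust against your own logs.

```python
import shlex
from collections import Counter

# Constructed sample lines for illustration; not taken from the thread's logs.
SAMPLE_LOGS = [
    'type="traffic" srcip=10.0.0.5 app="BitTorrent" applist="block-high-risk" action="accept" utmaction="block"',
    'type="traffic" srcip=10.0.0.7 app="Telegram" applist="block-high-risk" action="accept" utmaction="allow"',
    'type="traffic" srcip=10.0.0.9 app="DNS" action="accept"',
]

# Assumption: utmaction values treated as "stopped by the security profile".
BLOCKING_UTM_ACTIONS = {"block", "reset"}


def parse_kv(line):
    """Split a key=value log line into a dict, honouring double-quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def verdict(fields):
    """Classify one entry by what actually happened, not by the profile name."""
    if fields.get("utmaction", "").lower() in BLOCKING_UTM_ACTIONS:
        return "blocked-by-profile"
    if fields.get("action", "").lower() == "deny":  # assumed policy-deny value
        return "denied-by-policy"
    if fields.get("applist"):
        return "inspected-allowed"   # profile attached, application not blocked
    return "not-inspected"           # no application control profile in the entry


def summarize(lines):
    """Count (app, applist, verdict) tuples across the given log lines."""
    counts = Counter()
    for line in lines:
        f = parse_kv(line)
        counts[(f.get("app", "?"), f.get("applist", "-"), verdict(f))] += 1
    return counts


if __name__ == "__main__":
    for (app, applist, result), n in sorted(summarize(SAMPLE_LOGS).items()):
        print(f"{app:<12} applist={applist:<16} {result:<20} x{n}")
```

Entries that land in "inspected-allowed" for applications you expect to be stopped are the ones to raise with whoever owns the application control profile.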