QQ_Sign.In definition in QQ Application Control

Forum|Forum|4 years ago
August 11, 2021
1 reply
2442 views

Hi, We got a problem with one of the suppliers having a Fortinet FW regularly blocking our traffic because it is tagged as using QQ application, with specific blocking rule being the QQ_Sign.In We have no QQ IM appliaction on our end, we send only SMPP traffic towards the supplier and nothing else. We can't find the exact reason why the rule is triggered, can someone please share some more information on what is that specific rule looking for when filtering the traffic? Is it possible that the rule is triggered for specific SMS messages originating from Tencent?

Capture.JPG

cravikumar

Staff

This indicates an attempt to access QQ Instant Messenger.

https://www.fortiguard.com/appcontrol/12503

Can someone please share some more information on what is that specific rule looking for when filtering the traffic?

Fortinet’s applications detection capabilities are derived from mature data modeling created and maintained by FortiGuard Labs. The application control feature uses protocol decoders with signatures that analyze network traffic to detect application traffic, even if the traffic uses non-standard ports and protocols.

https://docs.fortinet.com/document/fortigate/7.2.0/sd-wan-architecture-for-enterprise/133330/application-identification

Is it possible that the rule is triggered for specific SMS messages originating from Tencent?

Yes.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded