Description
This article describes how to place frequently matched Application Control signatures at the top of the signature lookup.
Scope
FortiGate with disk logging.
Version 6.4.X onwards.
The policy needs to have an application control profile.
Solution
Application signatures are scanned sequentially against traffic passing through a policy.
Policies that have an application control profile applied and carry very high traffic can experience some slowness. Adding the frequently matching signatures to the top allows the applications to be looked up faster and the traffic to be processed faster.
1) Right-click the FortiGate policy and select 'Show in FortiView'.
2) On the FortiView screen, select the 'Applications' tab and sort by bytes, highest first.
Note the top application signatures that are frequently looked up and the traffic for each.
3) Go to Security Profiles -> Application Control, edit the profile applied to the policy, and under Application and Filter Overrides select 'Create New'. Look up the signatures, then right-click and select 'Add Selected'.
Ensure the appropriate action is selected from the drop-down.
4) Add the other top signatures that are frequently matching and select the appropriate action.
5) Once the signatures are added, select 'OK' and then select 'OK' on the next page.
Once these overrides are added to the Application Control profile applied to the policy, the FortiGate scans these signatures first to check whether a match is found and applies the selected action, which speeds up the lookup.
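The ranking done in step 2 can also be reproduced offline from traffic logs exported from the FortiGate disk. The script below is an added example, not part of the original article or Fortinet tooling. It assumes key=value traffic log lines carrying the policyid, app, sentbyte and rcvdbyte fields; the sample lines and policy IDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate key=value traffic-log style (not real logs).
SAMPLE_LOG = """\
date=2024-05-01 time=10:00:01 type="traffic" subtype="forward" policyid=5 app="HTTPS.BROWSER" sentbyte=4000 rcvdbyte=96000
date=2024-05-01 time=10:00:02 type="traffic" subtype="forward" policyid=5 app="DNS" sentbyte=80 rcvdbyte=120
date=2024-05-01 time=10:00:03 type="traffic" subtype="forward" policyid=5 app="HTTPS.BROWSER" sentbyte=6000 rcvdbyte=194000
date=2024-05-01 time=10:00:04 type="traffic" subtype="forward" policyid=7 app="SSH" sentbyte=500000 rcvdbyte=500000
date=2024-05-01 time=10:00:05 type="traffic" subtype="forward" policyid=5 app="Microsoft.Office.365" sentbyte=20000 rcvdbyte=30000
date=2024-05-01 time=10:00:06 type="traffic" subtype="forward" policyid=5 sentbyte=10 rcvdbyte=10
date=2024-05-01 time=10:00:07 type="traffic" subtype="forward" policyid=5 app="DNS" sentbyte=100 rcvdbyte=200
""".splitlines()

# Matches key=value and key="quoted value" pairs.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one log line into a dict of field name -> string value."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(line)}

def top_apps(lines, policy_id, n=5):
    """Rank applications seen on one policy by total bytes, highest first.

    Returns a list of (app_name, total_bytes, log_entries) tuples.
    """
    totals = defaultdict(lambda: [0, 0])  # app -> [bytes, entries]
    for line in lines:
        f = parse_line(line)
        if f.get("type") != "traffic" or f.get("policyid") != str(policy_id):
            continue
        app = f.get("app")
        if not app:  # entry with no identified application
            continue
        try:
            size = int(f.get("sentbyte", 0)) + int(f.get("rcvdbyte", 0))
        except ValueError:  # malformed counters: skip the line
            continue
        totals[app][0] += size
        totals[app][1] += 1
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1][0], kv[0]))
    return [(app, b, c) for app, (b, c) in ranked[:n]]

if __name__ == "__main__":
    for app, total, entries in top_apps(SAMPLE_LOG, policy_id=5, n=3):
        print(f"{app:<24} {total:>10} bytes  {entries} log entries")
```

The applications at the top of the output are the candidates to add under Application and Filter Overrides in step 3.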