Description
Solution
This article explains how to create an Application Sensor or add some Application Control signatures that are not displayed in the FortiGate Web GUI.
Solution
1. Create the Application Sensor
2. Enable logging for all applications
3 . Configure the entries to be inspected
In the end the configuration is:
FGT # config application list
FGT (list) # edit app_ctrl_name
new entry 'app_ctrl_name' added
2. Enable logging for all applications
FGT (app_ctrl_name) # set other-application-log enable
3 . Configure the entries to be inspected
FGT (app_ctrl_name) # config entries
FGT (entries) # edit 1 ----> Categories will be set up in this entry)
new entry '1' added
FGT (1) # set category ? ----> ? shows the category ID, in this example category Proxy ID 6 will be selected
ID Select Category ID
*
2 P2P
6 Proxy
7 Remote.Access
*
FGT (1) # set category 6
FGT (1) # set action block ----> Set the action Block/Pass, the default is block
FGT (1) # next
FGT (entries) # edit 2 ----> In this entry specific applications will be configured, for example Facebook.
new entry '2' added
FGT (2) # set application ?
ID Select application ID
*
15832 Facebook
23813 Facebook_AppName
17735 Facebook_Apps
29210 Facebook_Like.Button
40934 Facebook_Messenger.Image.Transfer
40935 Facebook_Messenger.Video.Transfer
40933 Facebook_Messenger.VoIP.Call
39381 Facebook_Messenger.Voice.Message
43448 Facebook_Personal
22922 Facebook_Plugins
35523 Facebook_Search
17399 Facebook_Video.Play
43449 Facebook_Workplace
*
FGT (2) # set application 15832 23813 23813 17735 17735 29210 29210 40934 40935 40933 39381 43448 22922 35523 17399 43449 ----> Select the application ID
FGT (2) # set action block
FGT (2) # next
FGT (entries) # end
FGT (app_ctrl_name) # next
FGT (list) # end
In the end the configuration is:
config application list
edit "app_ctrl_name"
set other-application-log enable
config entries
edit 1
set category 6
next
edit 2
set application 15832 23813 17735 29210 40934 40935 40933 39381 43448 22922 35523 17399 43449
next
end
next
end
