FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gcortes1
Staff
Staff
Description
This article explains how to create an Application Sensor or add some Application Control signatures that are not displayed in the FortiGate Web GUI.

Solution
1.  Create the Application Sensor
FGT # config application list
FGT (list) # edit app_ctrl_name

new entry 'app_ctrl_name' added

2.  Enable logging for all applications
FGT (app_ctrl_name) # set other-application-log enable

3 . Configure the entries to be inspected

FGT (app_ctrl_name) # config entries
FGT (entries) # edit 1   ----> Categories will be set up in this entry)

new entry '1' added

FGT (1) # set category  ?    ----> ? shows the category ID, in this example category Proxy ID 6 will be selected

ID           Select Category ID
*
2            P2P
6            Proxy
7            Remote.Access
*

FGT (1) # set category 6
FGT (1) # set action block    ----> Set the action Block/Pass, the default is block
FGT (1) # next
FGT (entries) # edit 2    ----> In this entry specific applications will be configured, for example Facebook.

new entry '2' added

FGT (2) # set application ?
ID           Select application ID
*
15832        Facebook
23813        Facebook_AppName
17735        Facebook_Apps
29210        Facebook_Like.Button
40934        Facebook_Messenger.Image.Transfer
40935        Facebook_Messenger.Video.Transfer
40933        Facebook_Messenger.VoIP.Call
39381        Facebook_Messenger.Voice.Message
43448        Facebook_Personal
22922        Facebook_Plugins
35523        Facebook_Search
17399        Facebook_Video.Play
43449        Facebook_Workplace
*
FGT (2) # set application 15832 23813 23813 17735 17735 29210 29210 40934 40935 40933 39381 43448 22922 35523 17399 43449    ----> Select the application ID
FGT (2) # set action block
FGT (2) # next
FGT (entries) # end
FGT (app_ctrl_name) # next
FGT (list) # end

In the end the configuration is:
config application list
    edit "app_ctrl_name"
        set other-application-log enable
        config entries
            edit 1
                set category 6
            next
            edit 2
                set application 15832 23813 17735 29210 40934 40935 40933 39381 43448 22922 35523 17399 43449
            next
        end
    next
end

gcortes_FD40764_app_sensor_.PNG

Contributors