FortiGate should be set up in explicit proxy to allow specific applications to use the application service.

1. Make Sure the Explicit Proxy is enabled for visibility in the GUI, using the below command:

config system settings
    set gui-proxy-inspection enable
end

2. After enabling, navigate to System -> Feature Visibility, then under Security Feature, enable explicit Proxy.

3. Go to Policy & Objects -> Services, select Create New, then Service. Enable Application Service. Select the desired application to be allowed or denied. It is also possible to allow or deny specific application categories. Configure the destination port of the application.

4. Select the application service under Service of the policy under Policy & Objects -> Proxy Policy.

Note:

• Enable SSL/SSH Inspection: It is necessary for identifying encrypted application traffic accurately.
• Verify that application signatures are up to date. Otherwise, issues may occur with traffic categorization in policies that rely on application signatures. For more details, see Technical Tip: Application Control Signatures are not updated automatically.
• If a manual update is required on the application signatures, see Technical Tip: How To Upgrade Application Control Definitions Manually.