FortiGate should be set up in explicit proxy to allow specific applications using application service.

1. Go to Policy & Objects -> Services, select Create New then Service. Enable Application Service. Select the desired application to be allowed or denied. It is also possible to allow or deny specific application categories. Configure the destination port of the application.

2. Select the application service under Service of the policy under Policy & Objects -> Proxy Policy.

Note:

• Enable SSL/SSH Inspection: It is necessary for identifying encrypted application traffic accurately.
• Verify that application signatures are up to date. Otherwise, issues may occur with traffic categorization in policies that rely on application signatures. For more details, see Technical Tip: Application Control Signatures are not updated automatically.
• If a manual update is required on the application signatures, see Technical Tip: How To Upgrade Application Control Definitions Manually.