Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
aahmadzada
Staff
Staff

Created on ‎11-15-2022 01:09 AM Edited on ‎11-15-2022 01:10 AM By Community Manager

Article Id 229901

Technical Tip: Application control detects the application type, but does not block it if the FQDN is in the exempt list of the deep inspection profile

Description This article describes that the application control detects the application type, but does not block it if the FQDN is in the exempt list of the deep inspection profile.
Scope FortiOS.
Solution

If an FQDN (for example sls.update.microsoft.com) used by an application (Windows Update) is included in the exempt list of the deep inspection profile, that application will not be blocked by the Application Control Profile, even though it will be identified properly.

 

The reason behind it is the fact that the Exempt list in the deep inspection profile has more priority compared to the Block/Reset action of the Application Control.

Therefore if an application has to be blocked, the relevant FQDNs have to be removed from the exempt list of the deep inspection profile.

 

850
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.