FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
AlexC-FTNT
Staff
Article Id 200968

Description


This article describes a possible reason why FortiGate blocks certain applications from connecting to their servers when Application Control is used, even when the matching category is set to “Monitor”.

The cause appears to be a coincidence of the ports being used. This article presents a fix on the FortiGate side, as that is easier than asking the application developers to change their ports.


Details

Some gaming applications start the SSL connection to their servers on a port other than the classic 443. When that port is the same port on which FortiGate listens for web filter override authentication, FortiGate intercepts the connection and the traffic is not forwarded to the internet.

Workaround:

- First run a packet capture to see which port is used by the application and confirm that this is the same issue:

# diag sniffer packet any "host 192.168.x.x and (port 8008 or port 8010 or port 8020)" 4 0 l

(Use the local client IP as the filter; run the application and check whether any packets from the LAN arrive on FortiGate for these ports.)

- Change the port in question to a different one, as in this example, where all three override ports are moved:

# config webfilter fortiguard
    set ovrd-auth-port-http 9008
    set ovrd-auth-port-https 9010
    set ovrd-auth-port-warning 9020
end
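The check above, as an added example that is not part of the original article: the script parses constructed capture lines laid out like verbose-4 `diag sniffer packet` output with local timestamps, reports which client flows land on the override-authentication ports, and builds the matching config block. The line layout, the default ports 8008/8010/8020 and the +1000 offset are assumptions; unlike the article, only the colliding ports are moved.

```python
import re

# Assumed FortiOS defaults for the FortiGuard override-authentication ports.
OVERRIDE_PORTS = {"ovrd-auth-port-http": 8008,
                  "ovrd-auth-port-https": 8010,
                  "ovrd-auth-port-warning": 8020}

# Assumed layout of a verbose-4 sniffer line with local ("l") timestamps:
# "<date> <time> <intf> <in|out> <src>.<sport> -> <dst>.<dport>: <flags>"
LINE_RE = re.compile(
    r"^\S+ \S+ (?P<intf>\S+) (?P<dir>in|out) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<flags>.*)$")

def find_collisions(lines, client_ip, override_ports=OVERRIDE_PORTS):
    """Return {dst_port: {dst_ip, ...}} for flows from client_ip whose
    destination port is one of the override-auth ports (never forwarded)."""
    hits = {}
    port_set = set(override_ports.values())
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["src"] != client_ip:
            continue
        dport = int(m["dport"])
        if dport in port_set:
            hits.setdefault(dport, set()).add(m["dst"])
    return hits

def suggest_config(hits, override_ports=OVERRIDE_PORTS, offset=1000):
    """Build the 'config webfilter fortiguard' block that moves each
    colliding override port by +offset; non-colliding ports stay as they are."""
    out = ["config webfilter fortiguard"]
    for key, port in override_ports.items():
        if port in hits:
            out.append(f"    set {key} {port + offset}")
    out.append("end")
    return "\n".join(out)

# Constructed sample capture: the game client 192.168.1.25 talks to
# 203.0.113.10 on 8010 (intercepted by FortiGate); its 443 flow is unaffected.
SAMPLE = """\
2024-05-01 10:00:00.100000 port2 in 192.168.1.25.51000 -> 203.0.113.10.8010: syn 100
2024-05-01 10:00:00.200000 port2 in 192.168.1.25.51001 -> 203.0.113.10.443: syn 200
2024-05-01 10:00:00.300000 port2 in 192.168.1.99.51002 -> 203.0.113.10.8008: syn 300
""".splitlines()

if __name__ == "__main__":
    found = find_collisions(SAMPLE, "192.168.1.25")
    print(found)
    print(suggest_config(found))
```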

Reference

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Resolve-issue-web-filter-block-override-an...