xshkurti
Staff
Article Id 393784
Description: This article describes the CrazyRemote Application signature issue on Policy-Based NGFW.
Scope: FortiOS v7.2, FortiOS v7.4, FortiOS v7.6.
Solution:

A FortiGate firewall configured in policy mode gives the option to add application signatures directly under firewall policies.
This gives more flexibility, because specific applications can be configured within the firewall policy without the need to configure an application security profile and reference it under security profiles.

 

A simple configuration that matches only the CrazyRemote application is shown below.

 

Policy-mode:

 

config system settings
    set ngfw-mode policy-based
end

 

Firewall policy:

 

config firewall security-policy
    edit 1
        set name "Block-CrazyRemote"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set logtraffic disable
        set application 36460
    next
end

 

GUI Version:

 

Crazy-Remote.png

 

The problem arises when the device is upgraded.

Application signatures are updated continuously, and this signature is removed from later FortiOS versions.
This means that if policies are configured as in the example above, then when the device is upgraded and CrazyRemote (or any other signature) is removed, the first policy will become 'DENY ALL':

 

After the upgrade:

 

Crazy-Remote-removed.png

 

The implication is that this policy will block all traffic, even though its original purpose was to block only specific applications.

 

The solution is to upgrade to FortiOS v7.4.7 or a higher version.

After that upgrade, CrazyRemote is recognized again, rather than appearing only as an ID that is not included in the application signature database.

 

Crazy-Remote-1.png
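
A pre-upgrade check for the failure described above, as an added example (not Fortinet's code): it scans a configuration backup for security policies whose `set application` IDs are absent from a set of IDs valid in the target release. The function name, the sample configuration, ID 11111 and the ID set are constructed for illustration; the real set of valid IDs has to be obtained from the target version's application signature list.

```python
# Constructed sample: excerpt of a policy-mode config backup in the format shown above.
SAMPLE_CONFIG = '''\
config firewall security-policy
    edit 1
        set name "Block-CrazyRemote"
        set srcintf "port2"
        set dstintf "port1"
        set application 36460
    next
    edit 2
        set name "Block-Two-Apps"
        set application 36460 11111
    next
    edit 3
        set name "No-App-Filter"
    next
end
'''

def audit_policies(config_text, known_app_ids):
    """Return {policy_id: (name, missing_ids, all_missing)} for security policies
    referencing application IDs that are not in known_app_ids (hypothetical helper)."""
    findings = {}
    in_section, policy_id, name, apps = False, None, "", []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config firewall security-policy":
            in_section = True
        elif in_section and line == "end":
            in_section = False
        elif in_section and line.startswith("edit "):
            policy_id, name, apps = int(line.split()[1]), "", []
        elif in_section and line.startswith("set name "):
            name = line[len("set name "):].strip('"')
        elif in_section and line.startswith("set application "):
            # Trailing space in the prefix keeps other "set application-..." keys out.
            apps = [int(tok) for tok in line.split()[2:]]
        elif in_section and line == "next" and policy_id is not None:
            missing = [a for a in apps if a not in known_app_ids]
            if missing:
                # all_missing=True is the case this article describes: no usable app filter left.
                findings[policy_id] = (name, missing, len(missing) == len(apps))
            policy_id = None
    return findings

if __name__ == "__main__":
    target_ids = {11111}  # constructed: IDs assumed present in the target release
    for pid, (name, missing, all_missing) in audit_policies(SAMPLE_CONFIG, target_ids).items():
        risk = "ALL app IDs missing, review before upgrade" if all_missing else "some app IDs missing"
        print(f"policy {pid} ({name}): {missing} -> {risk}")
```

Policies flagged with every application ID missing are the ones to review or rewrite before the upgrade.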