ssanga
Staff & Editor
Article Id 368027
Description This article describes an issue where the FortiGate firewall does not block Facebook traffic with the Application Control Security Profile when certificate-inspection is enabled in the firewall policy.
Scope FortiGate v7.4.3, v7.4.4.
Solution

When the application control security profile is configured to block the Social Media category and a firewall policy is configured with ssl-ssh-profile 'certificate-inspection', FortiGate fails to block Facebook and classifies its category as 'unknown'.

config application list
    edit "default-Facebook-Block"
        set unknown-application-log enable
            config entries
                edit 1
                    set application 16103 16104 16074
                    set action pass
                next
                edit 2
                    set category 2 6 7 8 21 23     <----- 23 is 'Social.Media'.
                next
                edit 3
                    set action pass
                next
            end
    next
end

config firewall policy
    edit 4
        set srcintf "port1"
        set dstintf "wan1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set inspection-mode proxy
        set ssl-ssh-profile "certificate-inspection" <-----
        set application-list "default-Facebook-Block" <-----
        set logtraffic all
        set nat enable
    next
end

Forward Traffic logs:


eventtime=1722321210904291908 tz="+0900" logid="0000000020" type="traffic" subtype="forward" level="notice" vd="root" srcip=192.168.1.10 srcport=65120 srcintf="port1" srcintfrole="lan" dstip=31.13.82.36 dstport=443 dstintf="wan1" dstintfrole="wan" srccountry="Reserved" dstcountry="Japan" sessionid=782 proto=6 action="accept" policyid=4 policytype="policy" poluuid="d247591a-1bf2-51ef-9008-487331741222" policyname="WEB" service="ALL" trandisp="snat" transip=192.168.0.2 transport=65120 appcat="unknown" applist="default" duration=123 sentbyte=26072 rcvdbyte=40618 sentpkt=86 rcvdpkt=78 sentdelta=26072 rcvddelta=40618 durationdelta=123 sentpktdelta=86 rcvdpktdelta=78
This issue has been resolved in v7.4.8 and v7.6.1.
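As an added illustration, not part of the original article, the following Python script audits a 'config firewall policy' dump for the combination shown above (utm-status enabled, ssl-ssh-profile 'certificate-inspection', an application-list attached) on one of the affected releases, and then picks out HTTPS sessions that application control logged with appcat="unknown" on such a policy. The sample config and log line are constructed from the article's policy 4 and its forward traffic log; treating every policy with that combination as affected is this script's own assumption.

```python
import re
# Constructed sample, cut down from the article's policy 4 and its traffic log.
POLICY_CONFIG = """
config firewall policy
    edit 4
        set utm-status enable
        set inspection-mode proxy
        set ssl-ssh-profile "certificate-inspection"
        set application-list "default-Facebook-Block"
    next
end
"""
LOG_LINE = ('type="traffic" subtype="forward" srcip=192.168.1.10 dstip=31.13.82.36 '
            'dstport=443 policyid=4 action="accept" appcat="unknown" applist="default"')
AFFECTED_VERSIONS = {"v7.4.3", "v7.4.4"}  # releases named in the article

def parse_policies(text):
    """Turn 'config firewall policy' CLI text into {policy_id: {setting: value}}."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"edit (\d+)", line)
        if m:
            current = int(m.group(1))
            policies[current] = {}
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            policies[current][key] = value.strip('"')
        elif line == "next":
            current = None
    return policies

def affected_policies(policies, fortios_version):
    """IDs of policies combining the article's trigger settings on an affected release."""
    if fortios_version not in AFFECTED_VERSIONS:
        return []
    return sorted(pid for pid, p in policies.items()
                  if p.get("utm-status") == "enable"
                  and p.get("ssl-ssh-profile") == "certificate-inspection"
                  and "application-list" in p)

def parse_log(line):
    """Parse FortiGate key=value log syntax; quoted values lose their quotes."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def is_suspect_session(log, affected_ids):
    """HTTPS session on an affected policy that application control left 'unknown'."""
    return (int(log.get("policyid", -1)) in affected_ids
            and log.get("dstport") == "443" and log.get("appcat") == "unknown")
```

Switching the profile to deep inspection, as the workaround suggests, makes affected_policies() return an empty list for the same dump.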

Workaround:
Use a deep-inspection SSL/SSH profile in the firewall policy (this requires installing the FortiGate CA certificate in the users' browsers), or disable proxy-inline-ips with the following commands:

config ips settings
    set proxy-inline-ips disable
end

For more detail about the proxy-inline-ips feature, see the following article: Technical Tip: Proxy Inline Intrusion Prevention System feature in FortiOS