Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akileshc
Staff
Staff

Created on ‎03-02-2022 12:47 AM Edited on ‎03-17-2025 06:14 AM By Moderator

Article Id 205867

Technical Tip: How to apply and validate a custom application signature in FortiGate

Description
This article describes how to apply and validate an application custom signature in FortiGate.
Scope Granular control can be achieved by blocking, monitoring, accepting, or quarantining packets that match the signature.
Solution
Custom application signatures help to recognize particular sorts of packets as they pass through the FortiGate, 
and this custom signature may be applied to an application control sensor once built.
 
It is possible to configure the sensor to block, monitor, allow, or quarantine packets that match the signature. 
After that, the sensor can be added to a firewall policy. 
 
When a packet with the custom signature is recognized by the firewall policy, 
the FortiGate does the action defined with the packet.

Use the following CLI commands to add the custom signatures.

 

For example:


config application custom
    edit "FastLemon.VPN.ProH.Set.Custom"
        set signature "F-SBID( --name \"FastLemon.VPN.ProH.Set.Custom\"; --protocol tcp; --flow from_client; --dst_port 29914; --seq =,1,relative; --data_size >144; --data_size <293; --pattern !\"|16 03|\"; --context packet; --within 2,context; --pattern !\"|17 03|\"; --context packet; --within 2,context; --pattern !\"|00 00|\"; --context packet; --tag set,Tag.xvpn.ProH.TCP.Set; --app_cat 6; --weight 15; )"
    next

end

 

View Customer Signature Using the GUI:

 

akileshc_1-1646210012383.png

 

To add the custom application signature from GUI, navigate Security Profile -> Application Signature and then choose Create New -> Custom Application Signature.

Screenshot 2025-03-15 122620.png


For more information:

See the documentation on Creating IPS and application control signatures here. 

 

Note:
Fortinet Technical Support department does not offer technical assistance in customizing application control signatures.

Use this form to submit a custom application signature request Application Control Submission Form | FortiGuard Labs

 

Details about what is and is not supported by Fortinet TAC support in support tickets can be found here:

Technical Tip: Technical support on customization on various Fortinet products
11596
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.