FortiGate
ycho
Staff
Description
This article describes how to block attachments sent via the KakaoTalk messenger when the Kakaotalk_file.transfer signature is added to the application control sensor with its action set to block.

Scope
For FortiOS 6.0.8 or earlier and for IPS Engine 3.420 and above.

Solution
1) Adding the 'Kakao_File.Transfer' signature automatically adds the 'KakaoTalk' signature.





2) See that the Kakao.File_Transfer signature has been added to entry number 2.




3) When attachment blocking is tested, only a log entry for the KakaoTalk application is generated and the attachment is not blocked.

The reason is that, with IPS engine 3.420 and above, the order of signatures/categories in the application control sensor affects signature detection, since the engine lets the user choose which signatures have higher priority.

Whenever an application control sensor configuration change is made from the web GUI, the entry order is reset to what it originally was, so the entries must be reordered through the CLI as shown below (test is the name of the application control sensor in this example):

config application list
    edit test
        config entries
            move 2 before 1
        end
    next
end



This issue has been mitigated in FortiOS v6.2 and above, where the user can arrange the entry order directly in the web GUI by drag-and-drop.
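Because a GUI edit silently resets the entry order, it helps to re-check the order from a configuration backup. The following is an added example, not Fortinet code: a heuristic audit that flags any block entry placed after a pass entry in the same sensor, without knowing whether the two signatures overlap. The sample configuration, the application IDs, the pass action on entry 1 and the treatment of a missing `set action` as block are assumptions.

```python
# Constructed `show application list` excerpt. The sensor name "test" is from
# the article; application IDs 1001 and 1002 are placeholders.
SAMPLE = """\
config application list
    edit "test"
        config entries
            edit 1
                set application 1001
                set action pass
            next
            edit 2
                set application 1002
            next
        end
    next
end
"""

def parse_sensors(text):
    """Return {sensor: [(entry_id, action), ...]} in configured order."""
    sensors, stack, sensor, entry = {}, [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("config "):
            stack.append(line[7:])
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("edit ") and stack == ["application list"]:
            sensor = line[5:].strip('"')
            sensors[sensor] = []
        elif line.startswith("edit ") and stack == ["application list", "entries"]:
            # Assumption: an entry without `set action` uses the default, block.
            entry = [int(line[5:]), "block"]
        elif line.startswith("set action ") and stack[-1:] == ["entries"] and entry:
            entry[1] = line.split()[2]
        elif line == "next" and stack[-1:] == ["entries"] and entry:
            sensors[sensor].append(tuple(entry))
            entry = None
    return sensors

def shadowed_blocks(sensors):
    """List (sensor, block_entry, earlier_pass_entry) ordering risks."""
    findings = []
    for name, entries in sensors.items():
        first_pass = None
        for eid, action in entries:
            if action == "pass" and first_pass is None:
                first_pass = eid
            elif action in ("block", "reset") and first_pass is not None:
                findings.append((name, eid, first_pass))
    return findings
```

Each finding names the sensor, the block entry and the earlier pass entry, which maps directly onto a `move <block> before <pass>` correction.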
