FortiGate
rcaushi_ftnt
Staff & Editor
Article Id 334801
Description: This article describes how to restrict the StreamVPN application (www(dot)streamvpn(dot)com) with Application Control.
Scope: FortiGate.
Solution

Requirements:

  • FortiOS version 7.0.x and above.
  • A licensed FortiGate (with an active FortiGuard subscription) running 7.0.x and above.
  • Administrative access to the FortiGate with write permission.
  • Access to the client PC, or to a PC in the same network segment/subnet, for testing.

Configuration:

  1. Log in to the FortiGate and locate the firewall policy that should control this application, or create a new policy.

Edit from the GUI:

(screenshot)

Edit from the CLI:

show
config firewall policy
    edit 2
        set name "WINSRV"
        set uuid 43acfd88-5a6b-51ef-f649-b04323467621
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        set srcaddr "WINDOWSRV"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set inspection-mode proxy
        set ssl-ssh-profile "rustemtac_DeepInspect"
        set webfilter-profile "default"
        set dnsfilter-profile "default"
        set ips-sensor "default"
        set application-list "default"
        set logtraffic all
        set logtraffic-start enable
        set nat enable
    next
end

  2. Set the appropriate Application Control profile on the policy. In this scenario, the 'default' profile is used.

  3. Set the SSL/SSH inspection profile to certificate inspection (controlling this application does not require deep inspection).

From the GUI:

(screenshot)

Edit from the CLI:

config application list
edit "default"
show
config application list
    edit "default"
        set comment "Monitor all applications."
        config entries
            edit 1
                set application 17244
            next
            edit 2
                set action pass
            next
        end
    next
end

show
config firewall ssl-ssh-profile
    edit "rustemtac_DeepInspect"
        set comment "Read-only deep inspection profile."
        config https
            set ports 443
            set status certificate-inspection
        end
        config ftps
            set status disable
        end
        config imaps
            set status disable
        end
        config pop3s
            set status disable
        end
        config smtps
            set status disable
        end
        config ssh
            set ports 22
            set status disable
        end
        config dot
            set status disable
        end
        set caname "rustemtac.com"
    next
end

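The following is an added, consolidated CLI example and is not part of the original article. It performs the same three steps, but in a dedicated Application Control profile and a dedicated SSL/SSH profile instead of editing 'default', so that the StreamVPN entry is explicitly set to block, is logged, and is ordered ahead of the catch-all pass entry (FortiOS evaluates application-list entries in order, so the block entry must come first). The profile names 'block-streamvpn' and 'cert-inspect-only' are hypothetical; the application ID 17244 and policy ID 2 are taken from the article. The log-filter category number in the verification step is an assumption; check it on the running version with 'execute log filter category ?'. Lines beginning with # are annotations, not FortiOS CLI syntax, and should be omitted when pasting.

```fortios
# Step 2: dedicated Application Control profile (hypothetical name).
# Entry 1 blocks StreamVPN (application ID 17244, from the article) and logs
# the hit; entry 2 is the catch-all that passes every other application.
config application list
    edit "block-streamvpn"
        set comment "Block StreamVPN, pass everything else."
        config entries
            edit 1
                set application 17244
                set action block
                set log enable
            next
            edit 2
                set action pass
            next
        end
    next
end

# Step 3: SSL/SSH profile (hypothetical name) limited to certificate
# inspection on HTTPS; no deep inspection is needed to identify this
# application. The other protocols are disabled, as in the article's profile.
config firewall ssl-ssh-profile
    edit "cert-inspect-only"
        set comment "Certificate inspection only, no decryption."
        config https
            set ports 443
            set status certificate-inspection
        end
        config ftps
            set status disable
        end
        config imaps
            set status disable
        end
        config pop3s
            set status disable
        end
        config smtps
            set status disable
        end
        config ssh
            set status disable
        end
        config dot
            set status disable
        end
    next
end

# Step 1: attach both profiles to the policy that carries the client traffic
# (policy 2 from the article). 'set logtraffic all' is kept so that the
# blocked sessions appear under Log & Report.
config firewall policy
    edit 2
        set utm-status enable
        set ssl-ssh-profile "cert-inspect-only"
        set application-list "block-streamvpn"
        set logtraffic all
    next
end

# Verification from the CLI: show recent Application Control log entries.
# Category 10 (utm-app-ctrl) is an assumed value; confirm it with
# 'execute log filter category ?' on the running FortiOS version.
execute log filter category 10
execute log display
```

After applying the configuration, generate StreamVPN traffic from the client PC and confirm that the log entries show application ID 17244 with the block action; if the entry is listed after the catch-all pass entry, the pass entry matches first and nothing is blocked.
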
Conclusion and verification:

Navigate to Log & Report -> Application Control to verify that StreamVPN traffic is being blocked.

(screenshot)