Description | This article describes possible causes and solutions for legitimate traffic getting blocked due to 'port-violation' in application control. |
Scope | FortiGate, FortiProxy. |
Solution |
It has been a practice for some time to run well-known applications and web traffic on non-standard ports, for a variety of reasons. When application control is used as a UTM feature, it checks whether an application is seen on its default port, depending on the profile settings. This behaviour is controlled by the setting below under application control, which is turned off by default.
config application list
In a FortiProxy deployment that uses proxy chaining, where the settings of the upstream third-party proxy are not known, the setting mentioned above might cause an issue. Hence, it is recommended to keep it disabled.
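As an added example that is not part of the article, the profile-level CLI form of this option is shown below in its blocking form beside the recommended (default) form. The keyword `enforce-default-app-port` is assumed here to be the CLI counterpart of the GUI option 'Block applications detected on non-default ports', and `my-appctrl-profile` is a placeholder profile name.

```text
# Blocking form: applications seen on a non-default port (for example a
# Google session carried as QUIC over UDP/443) are blocked with 'port-violation'.
config application list
    edit "my-appctrl-profile"
        set enforce-default-app-port enable
    next
end

# Recommended form (matches the factory default): port enforcement disabled,
# so legitimate traffic on non-standard ports is not blocked by this check.
config application list
    edit "my-appctrl-profile"
        set enforce-default-app-port disable
    next
end

# Verify the resulting profile configuration (assumed verification step).
show application list "my-appctrl-profile"
```

Only application control profiles that are referenced by a firewall policy affect traffic, so confirm which profile the affected policy uses before changing it.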
A large proportion of legitimate traffic is Google traffic. At present, Google uses the QUIC protocol for most of its traffic, which carries what would otherwise be normal TCP sessions over UDP-based QUIC. There have been cases where, with 'Block applications detected on non-default ports' enabled, traffic generated via the QUIC protocol was treated as non-default-port traffic and was blocked as a result.
As another option, it is possible to block QUIC traffic. Refer to this article: Technical Tip: How to block/disable QUIC. |
Copyright 2025 Fortinet, Inc. All Rights Reserved.