Scenario:

Splashtop is a remote desktop application. In cases where there is a main outbound Internet Access policy that is very restrictive, i.e., one that must use most of the UTM profiles for security reasons and in proxy-inspection mode, the Splashtop application traffic stops passing through FortiGate. Using flow-inspection mode works but this is not an option.

Searching forward policy logs for the main outbound Internet Access policy shows a 'connection failed' error indicating none of the UTM security profiles is the source of the block. However, on removing the UTM security profiles from the policy, the Splashtop application traffic starts passing through FortiGate but this is also not an option.

Solution:

On top of the main Internet access policy, which is in the proxy-inspection mode that must have UTM profiles, create a similar policy with Splashtop-Splastop ISDB Object as the only destination to allow the traffic preferably without UTM security profiles.

Note: Anti-virus or IPS UTM security profiles can be added to the Splashtop-Splastop policy if there are some security concerns.

Related articles:

• Technical Tip: Create ISDB objects with specific region
• Technical Tip: Common Internet Service Database Feature admin operations
• Technical Tip: How to solve an ISDB issues upon upgrade
• Technical Tip: How to allow access to WeChat using ISDB