Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kelv1n
New Contributor

Application Control - App missing from FM but is on Fortigate

Hi Everyone

 

We use App Control/Sensor to have fine-grain control over which Apps can leave through our Firewall, but we've recently discovered the Fortigates are blocking an app called "Microsoft.Authentication",  This App is shown in the list on our Fortigates, but its not available on the FortiManager. 

 

Any ideas on how to fix this? I've checked Fortiguard Tab -> Advanced, and all the services are showing as synchronized.  

 

I'm assuming the FortiManager uses the same packages for the Policy editor, or is there another location I need to update?

17 REPLIES 17
scao_FTNT

FMG should support ETDB version update in 5.2.4 (but no auto update, need a manual refresh)

 

I will test in the lab for your case and try to reproduce this

 

Thanks

 

Simon

kelv1n

Hi Simon

 

The Microsoft.Authentation has now appeared in FMG, vary bizarre.. I've not made any direct changes on the FMG.

 

I did commit a policy change to the FGT, then disabled the extended IPS signatures, but this has not been re-imported into the FMG, so I can't see this having any impact!

scao_FTNT

how many device in the ADOM? and possible other device has IPS DB updated?

kelv1n

None, its a dedicated ADOM for this pair of HA FGT.

scao_FTNT

and still below version no change?

 

IPS-DB: 5.00615(2015-02-24 00:09) IPS-ETDB: 6.00705(2015-10-06 00:37)

 

 

kelv1n

These have updated to 

 

IPS-DB: 6.00707(2015-10-09 00:10) IPS-ETDB: 6.00706(2015-10-08 00:17)

scao_FTNT

i c, IPS DB new version will trigger an update to FMG side and then auto update FMG side IPS/APP list

 

I will double check for only ETDB has new version case (and IPS DB only stay on the old version #)

 

Thanks

 

Simon

scao_FTNT

We tried but still not yet reproduce

 

Steps taken:

FMG v5.2.4 B0738 + FGT v5.2.4 B0688

-          FGT, Revert IPS regular and extended db to 5.00615

-          FGT, set database extended. Microsoft.Authentication is not displayed.

-          FMG, Add FGT, verify IPS version on FMG is 5.00615 extended. Microsoft.Authentication is not displayed.

-          FGT, update IPS. (Now regular is 5.00615, extended is 6.00707).  Microsoft.Authentication is displayed.

-          FMG, Device Manager, right click the device, refresh. Verify IPS version on FMG is 6.00707 extended.  Microsoft.Authentication is displayed.

 

Note: Microsoft.Authentication is introduced starting 6.00705.

 

Thanks

 

Simon

Labels
Top Kudoed Authors