Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SecurityPlus
Contributor II

Whitelist Applications

We are running some backup software that the backup software provider has suggested that we whitelist in the firewall. Is it possible in the FortiGate to whitelist applications such as:

Application 1.exe

Application 2.exe

 

This involves a FortiGate 60E running FortiOS 6.0.9.

 

If so how is this done? I look at application control and could not find how to do this. The applications that need to be whitelisted are not in the list of applications in the FortiGate that I can find.

4 REPLIES 4
localhost
Contributor III

No.. I doesn't work like that on the Fortigate.

 

Your firewall is not aware what applications your computer is running. It's just inspecting the network traffic, and based on signatures it tries to identify the application.

 

So first thing I would do is, look into your log files to see what application the Fortigate is detecting for your backup connection. For this to be visible, all categories in the application control profile must be set to monitored, and log must be set to 'all' on your firewall rule.

 

But why not just create a seperate firewall rule based on IP and Ports for all you backup connections?

FortiLearner

I dont think you can whitelist a .exe on application control that more related to DLP.

Dave_Hall

The backup vendor's website should have an FAQ or technical notes for what ports to open up on your firewall.  I agree with Sander (localhost) - this is more about port fowarding/firewall unblocking, though the vendor could be using standard API/TCP/IP protocols.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
SecurityPlus

Thanks all!
Labels
Top Kudoed Authors