Fullmoon
Contributor III

applications not resolved

Hi folks, running on FGT 90D ver 5.2.1. Under System > All Sessions, in the Application column, why is it not resolving? Any guess how to fix this one? Kindly see the attached image. Thanks

Fortigate Newbie

4 REPLIES
kraturi_FTNT
Staff

Hi

You need to verify 2 things.

 

1) You need to have an application control sensor enabled with logging on the firewall policy allowing outbound traffic. This will log the correct application names:

    config application list
        edit <sensor name>
            set extended-utm-log enable
            set unknown-application-action <pass|block>
    end

 

2) Check the log severity:

    # config log <memory/disk> filter
    # set severity information
    # end

AndreaSoliva
Contributor III

Hi

 

Whatever you do based on logging, the absolute prerequisite is a full log config with all aspects. This means that actually the following positions are responsible for resolving ip/host/apps:

       5.0

       # config log setting
       # set resolve-apps enable
       # set resolve-hosts enable
       # set resolve-ip enable
       # end

       5.2

       # config log setting
       # set resolve-ip enable
       # set resolve-port enable
       # end

       # config log gui-display
       # set location [specify forticloud | memory | disk | fortianalyzer | syslogd]
       # set resolve-hosts [enable | disable]
       # set resolve-apps [enable | disable]
       # end

 

This means: look at the following entry here in this forum, which shows a full log config for 5.0/5.2. Go through this config and you will see there is more than only one option behind logging :) Please keep in mind that the DNS server used to resolve hosts and IPs is important; this means internal hosts can only be resolved within logging if a suitable DNS server is used in the FortiGate System DNS config. I think you understand what I mean:

 

https://forum.fortinet.com/tm.aspx?m=114371

 

have fun....

 

Andrea
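
An added example, not code from any poster or from Fortinet: a Python check that reads CLI `show` output or a config backup and reports which of the settings named in the two replies above differ from what they recommend. The names `parse`, `audit`, `EXPECTED` and `SAMPLE` are hypothetical; it assumes FortiOS 5.2, memory logging, and that the `gui-display` options should be set to `enable`.

```python
import shlex

EXPECTED = {
    "log setting": {"resolve-ip": "enable", "resolve-port": "enable"},
    "log gui-display": {"resolve-hosts": "enable", "resolve-apps": "enable"},
    "log memory filter": {"severity": "information"},  # assumes memory logging
}

def parse(text):
    """Map each config path (e.g. 'application list/<sensor>') to its values."""
    stack, out = [], {}
    for raw in text.splitlines():
        tok = shlex.split(raw.strip().lstrip("#")) or [""]  # allow '# ' prompts
        if tok[0] in ("config", "edit") and len(tok) > 1:
            stack.append((tok[0], " ".join(tok[1:])))
            out.setdefault("/".join(name for _, name in stack), {})
        elif tok[0] == "set" and stack and len(tok) > 2:
            out["/".join(name for _, name in stack)][tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end") and stack:
            kind, _ = stack.pop()
            if tok[0] == "end" and kind == "edit" and stack:
                stack.pop()  # 'end' typed inside an edit also closes its table
    return out

def audit(text):
    """Return (path, key, found, wanted) per mismatch; None means not set."""
    cfg = parse(text)
    checks = [(p, k, v) for p, want in EXPECTED.items() for k, v in want.items()]
    checks += [(p, "extended-utm-log", "enable") for p in cfg  # every sensor
               if p.startswith("application list/") and p.count("/") == 1]
    return [(p, k, cfg.get(p, {}).get(k), v) for p, k, v in checks
            if cfg.get(p, {}).get(k) != v]

# Constructed sample in typed-CLI style, not taken from a real device.
SAMPLE = """\
config log setting
    set resolve-ip enable
end
config log gui-display
    set resolve-apps disable
end
config application list
    edit "guest-sensor"
        set unknown-application-action pass
end
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Settings left at their default do not appear in plain `show` output, so feed the check `show full-configuration` output to avoid `None` findings for defaults.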

bikash_Shaw
New Contributor III

Hi 

 

It might be torrent peers.

 

Regards

Bikash

Sushilk
New Contributor

Hi,

Is this happening with all the applications?

 

Simply try nslookup <ip> and see if you are getting any FQDN associated with that. If not, then this is correct behaviour.

 

Regards,

Sushil