Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
newone
New Contributor

AC Profile IOS Operating System Error Inquiry

Hello.

The customer policy uses Application Control
I am inquiring because the screen is broken and delayed when approaching a specific destination only on the iPhone (IOS operating system).

1. When checking with Android or other operating systems, there is no specific issue, and symptoms are only confirmed in IOS
2. Special matters such as separate logs are not confirmed when communication delays occur
4. After changing from the Application and Filter Overrides setting of AC profile [default] to Details: Apple.iPhone, Action: Allow, the screen has been confirmed to be broken and delayed when applying the profile

In the Categories setting of the AC profile [default], all are set to Monitor by default, but I would like to ask you why communication delays occurred only in the IOS operating system.AC Profile IOS Operating System Error Inquiry.png

 


Thank you.

6 REPLIES 6
jintrah_FTNT
Staff
Staff

Hi,

 

I do not think AC is interfering as all applications are allowed. Is there deep inspection applied on the firewall policy?

 

Best regards,

Jin

newone

Thank you for your answer.

Security Profiles (AV, WF, AC, IPS, WAF) are all applied to the firewall policy for this issue.
We tested it by removing one profile at a time, and removing AV profile resolved the problem.

I think AV profile is the reason for the problem. However, the setting is a monitor, not a block, and it is questionable that there was a problem at this time.

jintrah_FTNT

Good that you did some checks to identify the issue recurring when av profile was used. Then, we may need to see if it was flow av or proxy av in use, you may switch the modes and check the behavior further.

 

best regards,

Jin

newone

I'm sorry. It's not AV, but AC.
The policy is set to Flow-based.

I don't understand the situation with just the setting, is there a possibility that it's a bug?

jintrah_FTNT

its Ok..Did you try switching the mode to proxy based from flow? is there any change? And is  ssl deep inspection used in the policy?

 

Best regards,

Jin

newone

I have never changed it to proxy mode.
Also, SSL deep-inspection is not being used.
SSL is all certificate-inspection.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors