Hello.
The customer policy uses Application Control
I am inquiring because the screen is broken and delayed when approaching a specific destination only on the iPhone (IOS operating system).
1. When checking with Android or other operating systems, there is no specific issue, and symptoms are only confirmed in IOS
2. Special matters such as separate logs are not confirmed when communication delays occur
4. After changing from the Application and Filter Overrides setting of AC profile [default] to Details: Apple.iPhone, Action: Allow, the screen has been confirmed to be broken and delayed when applying the profile
In the Categories setting of the AC profile [default], all are set to Monitor by default, but I would like to ask you why communication delays occurred only in the IOS operating system.
Thank you.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
I do not think AC is interfering as all applications are allowed. Is there deep inspection applied on the firewall policy?
Best regards,
Jin
Thank you for your answer.
Security Profiles (AV, WF, AC, IPS, WAF) are all applied to the firewall policy for this issue.
We tested it by removing one profile at a time, and removing AV profile resolved the problem.
I think AV profile is the reason for the problem. However, the setting is a monitor, not a block, and it is questionable that there was a problem at this time.
Good that you did some checks to identify the issue recurring when av profile was used. Then, we may need to see if it was flow av or proxy av in use, you may switch the modes and check the behavior further.
best regards,
Jin
I'm sorry. It's not AV, but AC.
The policy is set to Flow-based.
I don't understand the situation with just the setting, is there a possibility that it's a bug?
its Ok..Did you try switching the mode to proxy based from flow? is there any change? And is ssl deep inspection used in the policy?
Best regards,
Jin
I have never changed it to proxy mode.
Also, SSL deep-inspection is not being used.
SSL is all certificate-inspection.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1679 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.