Hi Everyone
We use App Control/Sensor to have fine-grain control over which Apps can leave through our Firewall, but we've recently discovered the Fortigates are blocking an app called "Microsoft.Authentication", This App is shown in the list on our Fortigates, but its not available on the FortiManager.
Any ideas on how to fix this? I've checked Fortiguard Tab -> Advanced, and all the services are showing as synchronized.
I'm assuming the FortiManager uses the same packages for the Policy editor, or is there another location I need to update?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
FMG is on 5.2.4? FMG IPS list and APP list is retrieved from this ADOM managed FGT
can you provide your FGT "get system status" ?
Thanks
Simon
Hi Simon
Sure, details are as follows
Connected
FMG-VM64 # get system status
Platform Type : FMG-VM64
Platform Full Name : FortiManager-VM64
Version : v5.2.4-build0738 150923 (GA)
Serial Number : FMG-VM0A14002276
BIOS version : 04000002
Hostname : FMG-VM64
Max Number of Admin Domains : 20
Max Number of Device Groups : 20
Admin Domain Configuration : Enabled
HA Mode : Stand Alone
Branch Point : 738
Release Version Information : GA
Current Time : Thu Oct 08 22:54:05 BST 2015
Daylight Time Saving : Yes
Time Zone : (GMT) Greenwich Mean Time:Dublin, Edinburgh, Lisbon, London.
x86-64 Applications : Yes
Disk Usage : Free 89.97GB, Total 157.48GB
File System : Ext4
License Status : Valid
FMG-VM64 #
thanks for the update, but I need FGT :), mainly for below info
Version: FortiGate-VM v5.2.0,build0691,150905 (Interim) Virus-DB: 28.00295(2015-09-25 11:13) Extended DB: 28.00295(2015-09-25 11:12) Extreme DB: 1.00000(2012-10-17 15:47) IPS-DB: 5.00613(2015-02-17 00:58) IPS-ETDB: 6.00700(2015-09-24 00:49)
by the way, if you try to do "Device Manager" device right click menu refresh for the FGT, can you see IPS/APP list updated on FMG side?
Thanks
Simon
Doh!
Unfortunately that was the first thing I tried, modifying the config on the FGT then reloading it into the FM, but the App is not shown, its almost as if it didn't exist!
The FGT details are
Version: FortiGate-200D v5.2.4,build0688,150722 (GA) Virus-DB: 28.00581(2015-10-07 18:12) Extended DB: 28.00581(2015-10-07 18:11) IPS-DB: 5.00615(2015-02-24 00:09) IPS-ETDB: 6.00705(2015-10-06 00:37) Serial-Number: FG200D3914807944 Botnet DB: 2.00533(2015-10-07 10:00) BIOS version: 05000004 System Part-Number: P11534-05 Log hard disk: Available Internal Switch mode: interface Hostname: OFFICE-FG-200D-1 Operation Mode: NAT Current virtual domain: root Max number of virtual domains: 10 Virtual domains status: 1 in NAT mode, 0 in TP mode Virtual domain configuration: disable FIPS-CC mode: disable Current HA mode: a-a, master Branch point: 688 Release Version Information: GA FortiOS x86-64: Yes System time: Thu Oct 8 23:04:13 2015
at first my FMG200D 0738 added FGT with old IPS version (in my previous note) and did not see "Microsoft.Authentication" in APP list, but later I added another FGT with latest IPS db and after add, I see package db updated with this new entry
Virus-DB: 28.00600(2015-10-08 13:14) Extended DB: 28.00600(2015-10-08 13:13) IPS-DB: 6.00706(2015-10-08 00:17) IPS-ETDB: 0.00000(2001-01-01 00:00)
let me try more case see if can reproduce your issue
Thanks
Simon
by the way, your IPS db looks weird
IPS-DB: 5.00615(2015-02-24 00:09)
seems old version, but extended db is new
IPS-ETDB: 6.00705(2015-10-06 00:37)
That is odd, I'm assuming it will only use 1 of them?
Just to confirm, so your FGT enabled below?
config ips global
set database extended
FMG side using version# as a record for each time received list (APP is "get application name status") and if this enabled, we will use ETDB # unless there is a newer one on FMG side (so then will not update for this one)
Hi
Yep, its set to use extended. I'd happily go back to the standard one if it would fix this issue. Very suprised though the FM does not support the extended.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1720 | |
1093 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.