Application Control Misidentifying DNS Traffic

Sadhi_Jayz · ‎07-12-2025

Hello Fortinet Community,

I'm encountering an issue with application control on my FortiGate 60F running firmware version 7.4.8M.

Scenario:

I created a WAN access policy that allows NTP, DNS, and PING services only.

Additionally, in the Application Control profile applied to this policy, I allowed only the following applications:

NTP
DNS
PING

All other applications are set to block.

Issue:

Despite allowing DNS in the Application Control settings, I'm seeing legitimate DNS traffic being denied in the logs. This traffic is:

Port: 53 (UDP)
Destination: 8.8.8.8 (Google DNS)
Action: Denied
Detected Application: GitHub

It appears the firewall is misclassifying some DNS traffic as the "GitHub" application, which is not allowed by the control policy, and thus it's being blocked.

What can I do to fix this without disabling Application Control Profile.

Any insights or suggestions would be greatly appreciated.

Thank You.

AEK · ‎07-14-2025

Hi Sadhi

This my be app misclassification. Or can be some signature in this DNS traffic similar to GitHub app.

Does it happen only for DNS traffic from your "ubuntu-server"?

Is similar traffic from other hosts detected as GitHub app?

As a workaround try add GitHub app in the App Ctrl profile and see if it helps. Meanwhile you may open a ticket to get a clean fix.

AEK

Application Control Misidentifying DNS Traffic

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website