NoobY
New Contributor

Application Control Not working with AndroidOS?

 

Hi all,

 

Currently I have an F100D (v5.2.10, build742, GA) in Standalone mode acting as the single router/firewall between the ISP and internal network.

 

Let's say IPv4 Policy #20 handles all the Wi-Fi traffic; I have Traffic Shapers, Web Filter and Application Control enabled.

Web Filter and Traffic Shapers work great regardless of the client OS going through this policy.

 

Application Control is primarily blocking off media streaming services; however, it is behaving oddly.

 

------------------------------------------------------------------------------------------------------------

Scenarios:

Windows PC/Laptop - YouTube, VIMEO, online radio. --> all blocked, confirmed by FortiView and actual testing devices.

iOS Devices - YouTube App, m.youtube.com --> all blocked, confirmed by FortiView and actual testing devices.

Android OS Devices - YouTube App, m.youtube.com --> shows block/deny on FortiView; however, on the actual testing devices it works just fine, and I was still able to stream and watch YouTube.

------------------------------------------------------------------------------------------------------------

 

I further blocked off Social Media and a few other services via Application Control on the same policy just for testing purposes and they worked perfectly across all 3 platforms.

 

Has anyone encountered this before?

 

Cheers,

Nob

3 REPLIES
hklb
Contributor II

Which protocols do you have open? All, or only DNS, HTTP and HTTPS?

 

Try to block UDP 80 and UDP 443 (deny rules on the top).

NoobY
New Contributor

hklb wrote:

Which protocols do you have open? All, or only DNS, HTTP and HTTPS?

 

Try to block UDP 80 and UDP 443 (deny rules on the top).

Hi hklb,

 

Thanks for the suggestion.

ALL protocol/services should be blocked, at least that's how I've set up the policy to be.

 

I will try the 2 specific ports setting.

hmtay_FTNT

Hello nyang,

 

Try setting the Application Control signature "QUIC" to Block. It is a proprietary protocol by Google for a quicker connection to their servers. hklb's suggestion to block UDP 80 and UDP 443 would block "QUIC" too. 
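
To confirm from a packet capture which clients are actually sending QUIC on the UDP ports named in the replies above, the following is an added example (not part of the thread and not Fortinet code). It is a heuristic that recognises the legacy Google QUIC public header and, going beyond the thread, the later IETF QUIC long header; the function names, addresses and sample packets are constructed for illustration.

```python
import re
import struct

QUIC_PORTS = {80, 443}                    # UDP ports named in the replies above
GQUIC_VERSION = re.compile(rb"Q0\d\d")    # gQUIC version tags such as b"Q035"
IETF_VERSIONS = {0x00000001, 0x6B3343CF}  # QUIC v1 (RFC 9000), v2 (RFC 9369)


def classify_udp_payload(dst_port, payload):
    """Label a client-to-server UDP payload 'gquic', 'ietf-quic' or None."""
    if dst_port not in QUIC_PORTS or len(payload) < 5:
        return None
    first = payload[0]
    if first & 0x80:
        # Long header: a 4-byte version field follows the first byte.
        tag = payload[1:5]
        if GQUIC_VERSION.fullmatch(tag):
            return "gquic"
        version = struct.unpack("!I", tag)[0]
        # 0xff0000NN is the IETF draft version range.
        if version in IETF_VERSIONS or version >> 8 == 0xFF0000:
            return "ietf-quic"
        return None
    # Legacy gQUIC public header: flags byte with the version (0x01) and
    # 8-byte connection ID (0x08) bits set, then the ID, then the version tag.
    if first & 0x09 == 0x09 and len(payload) >= 13:
        if GQUIC_VERSION.fullmatch(payload[9:13]):
            return "gquic"
    return None


def quic_clients(packets):
    """Map source IP -> sorted QUIC labels seen, from (src, dst_port, payload)."""
    seen = {}
    for src, dst_port, payload in packets:
        label = classify_udp_payload(dst_port, payload)
        if label:
            seen.setdefault(src, set()).add(label)
    return {src: sorted(labels) for src, labels in seen.items()}


# Constructed sample packets (documentation addresses, not captured traffic).
SAMPLE = [
    ("192.0.2.10", 443, bytes([0x09]) + bytes(8) + b"Q035" + bytes(20)),
    ("192.0.2.10", 443, bytes([0xC0]) + struct.pack("!I", 1) + bytes(20)),
    ("192.0.2.11", 443, b"\x16\x03\x01\x00\x05" + bytes(20)),  # not QUIC
    ("192.0.2.12", 53, bytes([0xC0]) + struct.pack("!I", 1) + bytes(20)),
]

if __name__ == "__main__":
    print(quic_clients(SAMPLE))
```

Clients that still appear in the result after the deny rule or the "QUIC" signature block is in place are the ones to investigate.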
