Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
serinfbco
New Contributor

Application Control: can't override block action with custom signature when HTTPS

The "proxy" category is blocked but we wan't to allow only one legit web site. We created a custom signature with the right pattern. In the override section this custom application is set to "monitor". But this site still blocked.

 

The problem seems that the custom signature worked and I see in the log the "pass" action when the service is HHTP BUT after that the workflow continue to HTTPS service and reach the default signature "Proxy.Websites" and at that time the action is set to "block"... So how to override the bock action? Is it possible to stop the workflow in the custom signature to stop processing after the "allow" action? We set the weight of the signature to 255 but this not working. Here the details:

 

The custom signature:

F-SBID( --attack_id 9524; --name "Permit.proxy.XXX"; --pattern "proxy.XXX.ca"; --protocol tcp; --no_case; --flow from_client; --context host; --app_cat 6; --weight 255;)

 

 

 

0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors