Application Control not detecting upload signature

GLOBAL · ‎11-09-2023

Hello Friends!

I recently upgrade to a 600F at 7.0.12 and now my Application Control for Google Drive is not detecting the right upload signature. Hence it is not blocking upload. All worked fine with a 300E at the same firmware version.

Sensor	FWUSR-ADM-INTERMEDIARIO-GOOGLE
Application Name	Google.Drive
ID	32121
Category	Storage.Backup
Risk
Protocol	6
Service	HTTPS
Message	Storage.Backup: Google.Drive

The upload show as just Google.Drive and the action is pass (correct for the miss identified signature).

Action	pass
Policy ID	OUTBOUND FWUSR-ADM-INTERMEDI-GOOGLE (1107)
Policy UUID	ab55ec0e-743b-51ee-54db-38c3dc4c64df
Policy Type	Firewall

It righlty detects the download signature.

Sensor	FWUSR-ADM-INTERMEDIARIO-GOOGLE
Application Name	Google.Drive_File.Download
ID	35434
Category	Storage.Backup
Risk
Protocol	6
Service	HTTPS
Application User
Cloud Action	download
Message	Storage.Backup: Google.Drive_File.Download

Web filter category for File Sharing and Storage is monitor. Application control Storage is also monitor. And the necessary signature for Drive.Upload are block. An i have triple check and it is using deep-inspection with out insenting google drive from inspection.

Any known bug in 7.0.12?

abarushka · ‎11-10-2023

Hello,

I would recommend to double check whether blocking signature is above allow signature (only visible in CLI):

config application list
edit <>
config entries
edit 1
set category <>

set action block
next
edit 2
set action pass
next
end
next
end

FortiGate

GLOBAL · ‎11-10-2023

Hello, checked, it is double blocked even:

It just happened to come to my attention that Google.Docs.Edit was wrongly blocked on this same group "INTERMEDIARIO-GOOGLE'. And sure, there is was (on the picture above already removed) on blocked. And it was identified correclty, just the upload seams to be broken for me for some reason.