Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
GLOBAL
New Contributor II

Created on ‎11-09-2023 12:55 PM

Application Control not detecting upload signature

Hello Friends!

I recently upgrade to a 600F at 7.0.12 and now my Application Control for Google Drive is not detecting the right upload signature. Hence it is not blocking upload. All worked fine with a 300E at the same firmware version.

 

SensorFWUSR-ADM-INTERMEDIARIO-GOOGLE
Application NameGoogle.Drive
ID32121
CategoryStorage.Backup
Risk
 
 
 
 
 
Protocol6
ServiceHTTPS
MessageStorage.Backup: Google.Drive

The upload show as just Google.Drive and the action is pass (correct for the miss identified signature).

Actionpass
Policy IDOUTBOUND FWUSR-ADM-INTERMEDI-GOOGLE (1107)
Policy UUIDab55ec0e-743b-51ee-54db-38c3dc4c64df
Policy Type

Firewall

It righlty detects the download signature.

SensorFWUSR-ADM-INTERMEDIARIO-GOOGLE
Application NameGoogle.Drive_File.Download
ID35434
CategoryStorage.Backup
Risk
 
 
 
 
 
Protocol6
ServiceHTTPS
Application User 
Cloud Actiondownload
Message

Storage.Backup: Google.Drive_File.Download

Web filter category for File Sharing and Storage is monitor. Application control Storage is also monitor. And the necessary signature for Drive.Upload are block. An i have triple check and it is using deep-inspection with out insenting google drive from inspection.

Any known bug in 7.0.12?

Labels:
3059
0 Kudos
2 REPLIES 2
abarushka
Staff
Staff

Created on ‎11-10-2023 02:07 AM

Hello,

 

I would recommend to double check whether blocking signature is above allow signature (only visible in CLI):

 

config application list
edit <>
config entries
edit 1
set category <>

set action block
next
edit 2
set action pass
next
end
next
end

FortiGate
3025
0 Kudos
GLOBAL
New Contributor II
In response to abarushka

Created on ‎11-10-2023 06:31 AM

Hello, checked, it is double blocked even:

ac drive upload.PNG

It just happened to come to my attention that Google.Docs.Edit was wrongly blocked on this same group "INTERMEDIARIO-GOOGLE'. And sure, there is was (on the picture above already removed) on blocked. And it was identified correclty, just the upload seams to be broken for me for some reason.

3011
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.