Hello Dears
I am trying to using Application control to block any outside user to reach our network using proxy or vpn application take in mind my configuration is working with SSL inspection not deep one.
Bests
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi
I'm not sure but I think this is not doable with application control. Probably IP reputation may do something here.
Try with the below sub-commands of config firewall policy.
set reputation-minimum ...
set reputation-direction ...
Hello Dear
Thnx for reply
It seems good but it is also blocking traffic from other parties like local ISP and same stuff ?
Would you recommend to make it working with reputation 3 ? Is that ok ?
Hi
According to admin guide here are the available levels.
1 | Known malicious sites, such as phishing sites or sites related to botnet servers |
2 | High risk services sites, such as TOR, proxy, and P2P |
3 | Unverified sites |
4 | Reputable social media sites, such as Facebook and Twitter |
5 | Known and verified safe sites, such as Gmail, Amazon, and eBay |
So I guess #2 is the one you are looking for.
I didn't test this feature, so i recommend you to test it well before put in production so you can see if is what you are looking for.
Ref:
Hi
There is another possible method that you can explore, but never tested it neither. It is by creating a deny policy and use ISDB as source address, and select bad ISDBs like the below:
Hope this helps.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1679 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.