Support Forum
aduneo
New Contributor

Application control doesn't work in chrome

Hello

I created application control rules to block Twitch on a FortiGate 60E, but these rules don't work in Chrome.

I tested on all other browsers and it works fine except for Chrome. Have you got any idea?

srajeswaran
Staff

It may be due to QUIC protocol used by chrome. Can you try disabling quic and test?
The articles below will be handy.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Block-QUIC-Protocol/ta-p/197661
https://community.fortinet.com/t5/FortiGate/Technical-Note-Disabling-Blocking-QUIC-Protocol-to-force...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
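The QUIC point above is the one to check first: Chrome prefers HTTP/3 over UDP 443, and an application control verdict taken on the TCP/443 session says nothing about the parallel UDP session. As an added example (not Fortinet's code and not from this thread), the script below parses FortiGate-style key=value traffic log lines and lists the UDP/443 sessions the firewall accepted, which is where a "blocked everywhere except Chrome" symptom usually shows up. The log lines and IP addresses are constructed for the example.

```python
"""List accepted QUIC (UDP/443) sessions in FortiGate-style traffic logs."""
import re

# Constructed sample lines in FortiGate key=value traffic-log style (not real logs).
SAMPLE_LOGS = [
    'date=2023-11-14 time=11:30:01 type="traffic" srcip=10.0.0.23 dstip=203.0.113.10 '
    'proto=6 dstport=443 service="HTTPS" app="Twitch" action="deny" utmaction="block"',
    'date=2023-11-14 time=11:30:05 type="traffic" srcip=10.0.0.23 dstip=203.0.113.10 '
    'proto=17 dstport=443 service="QUIC" app="QUIC" action="accept" utmaction="allow"',
    'date=2023-11-14 time=11:30:09 type="traffic" srcip=10.0.0.24 dstip=203.0.113.20 '
    'proto=17 dstport=443 service="QUIC" app="Google.Services" action="accept"',
    'date=2023-11-14 time=11:30:12 type="traffic" srcip=10.0.0.23 dstip=203.0.113.10 '
    'proto=6 dstport=443 service="HTTPS" app="Twitch" action="deny"',
    'date=2023-11-14 time=11:30:15 type="traffic" srcip=10.0.0.25 dstip=203.0.113.10 '
    'proto=17 dstport=443 service="QUIC" app="QUIC" action="deny" utmaction="block"',
]

# key=value pairs; values are either double-quoted or a bare token
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log_line(line: str) -> dict:
    """Turn one key=value log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def find_quic_sessions(lines, allowed_only=True):
    """Return parsed sessions that ran over UDP (proto 17) to port 443, i.e. QUIC.

    With allowed_only=True only sessions the firewall accepted are returned;
    those are the ones that slipped past a rule that only saw the TCP session.
    """
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if rec.get("proto") != "17" or rec.get("dstport") != "443":
            continue
        if allowed_only and rec.get("action") != "accept":
            continue
        hits.append(rec)
    return hits


def accepted_quic_by_source(lines):
    """Count accepted QUIC sessions per source host, to see which clients are affected."""
    counts = {}
    for rec in find_quic_sessions(lines):
        counts[rec["srcip"]] = counts.get(rec["srcip"], 0) + 1
    return counts


if __name__ == "__main__":
    for rec in find_quic_sessions(SAMPLE_LOGS):
        print(f'{rec["srcip"]} -> {rec["dstip"]} app={rec["app"]} action={rec["action"]}')
    print(accepted_quic_by_source(SAMPLE_LOGS))
```

If the accepted UDP/443 sessions disappear once QUIC is blocked on the FortiGate (or disabled in the browser), Chrome will fall back to TCP and the existing Twitch rule applies.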
aduneo

I have already deactivated QUIC, and I also tried deactivating it in my browser; Twitch is still not blocked in Chrome.

srajeswaran

Do you see the traffic logs for the corresponding session on Fortigate? Can you share the same?

Regards,
Suraj
aduneo

On this screen the action is "blocked" in Firefox:


On this screen the action is "pass" in Chrome:

 


 

fricci_FTNT
Staff

Hi @aduneo ,

 

> Which FOS and IPS engine version are you running?
From CLI:
get system status
get system fortiguard-service status
> Is the firewall policy in flow mode or proxy mode?
> Is it the same if you change the firewall policy to proxy/flow mode? (you could clone/create one just for your test client)

> Is Twitch traffic being allowed when you use Brave browser (which is based on Chrome)?
> Can you run a debug flow for both Firefox and Chrome and attach logs, please:

diag debug reset
diag debug flow filter addr x.x.x.x  #<--- where x.x.x.x is the destination IP address (you can ping Twitch to see what is the IP address resolved by your PC at the time)
diag debug flow filter port 443
diag debug console timestamp enable
diag debug flow show iprope enable
diag debug flow show function-name enable
diag debug flow trace start 9999
diag debug enable


Close all other browser windows and open Twitch in incognito/privacy mode on the browser.
Once done, please type:
diag debug disable

diag debug reset


https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-CLI-commands-to-verify-status-of-the-Forti...

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
aduneo

Here is the system status:

Version: FortiGate-60E v7.4.1,build2463,230830 (GA.F)
Security Level: 1
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 6.00741(2015-12-01 02:30)
FMWP-DB: 0.00000(2001-01-01 00:00)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
OT-Detect-DB: 0.00000(2001-01-01 00:00)
OT-Patch-DB: 0.00000(2001-01-01 00:00)
OT-Threat-DB: 6.00741(2015-12-01 02:30)
IPS-Engine: 7.00509(2023-08-10 23:09)
Serial-Number: FGT60ETK20048084
BIOS version: 05000012
System Part-Number: P18816-03
Log hard disk: Not available
Hostname: gibraltar
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 2463
Release Version Information: GA
System time: Tue Nov 14 11:31:21 2023
Last reboot reason: warm reboot

 

Here is the fortiguard-service status:

 

NAME VERSION LAST UPDATE METHOD EXPIRE
AV Engine 7.018 2023-08-02 17:21:00 manual 2024-02-05 23:59:59
Virus Definitions 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Extended set 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
AI/Machine Learning Malware Detection Model 0.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Flow-based Virus Definitions 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Attack Definitions 6.741 2022-10-05 19:12:21 scheduled 2024-02-05 23:59:59
Attack Extended Definitions 0.000 2001-01-01 00:00:00 manual 2024-02-05 23:59:59
IPS Malicious URL Database 1.001 2022-10-05 19:12:21 scheduled 2024-02-05 23:59:59
IPS/FlowAV Engine 7.509 2023-10-18 19:14:25 scheduled 2024-02-05 23:59:59
Application Definitions 6.741 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
FMWP Definitions 0.000 2001-01-01 00:00:00 manual 2024-02-05 23:59:59
OT Threat Definitions 6.741 2015-12-01 02:30:00 manual n/a
IoT Detect Definitions 0.000 2022-08-17 17:31:00 manual n/a
OT Detect Definitions 0.000 2001-01-01 00:00:00 manual n/a
OT Patch Definitions 0.000 2001-01-01 00:00:00 manual n/a

 

I tried in Brave, and in Brave the application control rules work; Twitch is blocked by the FortiGate.
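The two status dumps above are what a reviewer would scan by eye for the engine and definition versions that were asked for. As an added example (not Fortinet's code and not from this thread), the parser below reads the `get system fortiguard-service status` table as posted (a subset of its rows, embedded verbatim) and flags packages that have a real version but have not been updated within a chosen number of days, using the "System time" from the same post as "now". It assumes the column layout shown in the post: NAME (may contain spaces), VERSION, LAST UPDATE, METHOD, EXPIRE (a timestamp or n/a).

```python
"""Flag stale FortiGuard packages in `get system fortiguard-service status` output."""
import re
from datetime import datetime, timedelta

# Rows copied from the status table in the post above (subset of the table).
STATUS_OUTPUT = """\
NAME VERSION LAST UPDATE METHOD EXPIRE
AV Engine 7.018 2023-08-02 17:21:00 manual 2024-02-05 23:59:59
Virus Definitions 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Attack Definitions 6.741 2022-10-05 19:12:21 scheduled 2024-02-05 23:59:59
Attack Extended Definitions 0.000 2001-01-01 00:00:00 manual 2024-02-05 23:59:59
IPS Malicious URL Database 1.001 2022-10-05 19:12:21 scheduled 2024-02-05 23:59:59
IPS/FlowAV Engine 7.509 2023-10-18 19:14:25 scheduled 2024-02-05 23:59:59
Application Definitions 6.741 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
OT Threat Definitions 6.741 2015-12-01 02:30:00 manual n/a
IoT Detect Definitions 0.000 2022-08-17 17:31:00 manual n/a
"""

NOW = datetime(2023, 11, 14, 11, 31, 21)  # "System time" from get system status

# NAME is lazy so it absorbs spaces until a numeric VERSION column is found.
ROW_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<version>\d+\.\d+)\s+"
    r"(?P<updated>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<method>\w+)\s+"
    r"(?P<expire>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d|n/a)$"
)
TS = "%Y-%m-%d %H:%M:%S"


def parse_status(text: str) -> list:
    """One dict per package row; the header line does not match and is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["updated"] = datetime.strptime(row["updated"], TS)
        row["expire"] = None if row["expire"] == "n/a" else datetime.strptime(row["expire"], TS)
        rows.append(row)
    return rows


def stale_packages(text: str, now: datetime, max_age_days: int) -> list:
    """Names of packages not updated within max_age_days.

    Version 0.000 rows are skipped: that package was never downloaded at all,
    which is a licensing question rather than a stale-update one.
    """
    cutoff = now - timedelta(days=max_age_days)
    return [r["name"] for r in parse_status(text)
            if r["version"] != "0.000" and r["updated"] < cutoff]


if __name__ == "__main__":
    print("stale (>180 days):", stale_packages(STATUS_OUTPUT, NOW, 180))
```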

aduneo

Here is the system status:

Version: FortiGate-60E v7.4.1,build2463,230830 (GA.F)
Security Level: 1
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 6.00741(2015-12-01 02:30)
FMWP-DB: 0.00000(2001-01-01 00:00)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
OT-Detect-DB: 0.00000(2001-01-01 00:00)
OT-Patch-DB: 0.00000(2001-01-01 00:00)
OT-Threat-DB: 6.00741(2015-12-01 02:30)
IPS-Engine: 7.00509(2023-08-10 23:09)
Serial-Number: FGT60ETK20048084
BIOS version: 05000012
System Part-Number: P18816-03
Log hard disk: Not available
Hostname: gibraltar
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 2463
Release Version Information: GA
System time: Tue Nov 14 11:47:50 2023
Last reboot reason: warm reboot

 

Here is the fortiguard-service status:

NAME VERSION LAST UPDATE METHOD EXPIRE
AV Engine 7.018 2023-08-02 17:21:00 manual 2024-02-05 23:59:59
Virus Definitions 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Extended set 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
AI/Machine Learning Malware Detection Model 0.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Flow-based Virus Definitions 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Attack Definitions 6.741 2022-10-05 19:12:21 scheduled 2024-02-05 23:59:59
Attack Extended Definitions 0.000 2001-01-01 00:00:00 manual 2024-02-05 23:59:59
IPS Malicious URL Database 1.001 2022-10-05 19:12:21 scheduled 2024-02-05 23:59:59
IPS/FlowAV Engine 7.509 2023-10-18 19:14:25 scheduled 2024-02-05 23:59:59
Application Definitions 6.741 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
FMWP Definitions 0.000 2001-01-01 00:00:00 manual 2024-02-05 23:59:59
OT Threat Definitions 6.741 2015-12-01 02:30:00 manual n/a
IoT Detect Definitions 0.000 2022-08-17 17:31:00 manual n/a
OT Detect Definitions 0.000 2001-01-01 00:00:00 manual n/a
OT Patch Definitions 0.000 2001-01-01 00:00:00 manual n/a

 

I tried on Brave and the rules work; Twitch is blocked by the FortiGate.

aduneo
New Contributor

In my System > Settings, NGFW Mode is set to "profile-based".

fricci_FTNT

Hi @aduneo ,

Thank you. Please ignore my question about proxy/flow mode; your FortiGate model does not allow you to choose between Flow and Proxy inspection modes (https://community.fortinet.com/t5/FortiGate/Technical-Tip-Changing-the-inspection-mode-of-the-firewa...).

Regarding QUIC, you mentioned earlier that you have disabled it; how did you do it? The links below show several ways to do that (you may try to implement more than one):
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-disable-QUIC/ta-p/191273
https://community.fortinet.com/t5/FortiGate/Technical-Note-Disabling-Blocking-QUIC-Protocol-to-force...

 

Best regards,
