Application control doesn't work in Chrome
Hello,
I created application control rules to block Twitch on a FortiGate 60E, but these rules don't work in Chrome.
I tested on all other browsers and it works fine except for Chrome. Do you have any idea?
Labels: FortiGate
It may be due to the QUIC protocol used by Chrome. Can you try disabling QUIC and test again?
The articles below will be handy.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Block-QUIC-Protocol/ta-p/197661
https://community.fortinet.com/t5/FortiGate/Technical-Note-Disabling-Blocking-QUIC-Protocol-to-force...
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
I have already deactivated QUIC, and I also tried deactivating it in my browser; Twitch is still not blocked in Chrome.
Do you see the traffic logs for the corresponding session on the FortiGate? Can you share them?
Suraj
On this screenshot the action is "blocked" in Firefox.
On this screenshot the action is "pass" in Chrome.
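The comparison Suraj asked for above (the Firefox session blocked, the Chrome session passed) can be pulled out of exported traffic logs instead of screenshots. The following is an added example, not code from the thread or from Fortinet: a small Python script that parses FortiGate key=value traffic-log lines and reports, per client, which port-443 sessions were denied over TCP and which were accepted over UDP/443, the QUIC path that a block on the TLS signature never sees. The log lines are constructed for the example; the hostname, addresses, policy ID and app names are assumptions, not the poster's data. Real lines come from the GUI log viewer, a syslog server or FortiAnalyzer.

```python
import re
from collections import defaultdict

# Constructed FortiGate traffic-log lines in the key=value syslog format. Hostname, addresses,
# policy ID and app names are assumptions for this example, not data from the thread.
SAMPLE_LOG = """\
date=2023-11-14 time=11:30:02 devname="gibraltar" type="traffic" subtype="forward" srcip=192.168.1.10 dstip=203.0.113.10 proto=6 dstport=443 service="HTTPS" action="deny" utmaction="block" appcat="Video/Audio" app="Twitch" policyid=5
date=2023-11-14 time=11:30:05 devname="gibraltar" type="traffic" subtype="forward" srcip=192.168.1.11 dstip=203.0.113.10 proto=17 dstport=443 service="udp/443" action="accept" appcat="Network.Service" app="QUIC" policyid=5
date=2023-11-14 time=11:30:06 devname="gibraltar" type="traffic" subtype="forward" srcip=192.168.1.11 dstip=203.0.113.10 proto=6 dstport=443 service="HTTPS" action="accept" appcat="Network.Service" app="SSL" policyid=5
date=2023-11-14 time=11:30:07 devname="gibraltar" type="traffic" subtype="forward" srcip=192.168.1.12 dstip=203.0.113.53 proto=17 dstport=53 service="DNS" action="accept" appcat="Network.Service" app="DNS" policyid=5
"""

# FortiGate logs are space-separated key=value pairs; values containing spaces are double-quoted.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one traffic-log line into a dict, dropping the quotes around values."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def per_client_summary(records):
    """Per source IP, list (app, action) for every session to port 443, split by transport.

    A block that only fires on the TCP/TLS path shows up as tcp443 entries with action
    "deny" next to udp443 entries with action "accept" from the same client.
    """
    transports = {"6": "tcp443", "17": "udp443"}
    summary = defaultdict(lambda: {"tcp443": [], "udp443": []})
    for rec in records:
        if rec.get("type") != "traffic" or rec.get("dstport") != "443":
            continue
        bucket = transports.get(rec.get("proto"))
        if bucket is None:
            continue
        summary[rec["srcip"]][bucket].append((rec.get("app", ""), rec.get("action", "")))
    return dict(summary)


def suspected_quic_bypass(records):
    """Clients with at least one accepted UDP/443 session: traffic that reached the
    destination over QUIC instead of the TCP path that application control blocked.
    With QUIC genuinely blocked on the firewall this list should be empty."""
    summary = per_client_summary(records)
    return sorted(
        src for src, buckets in summary.items()
        if any(action == "accept" for _app, action in buckets["udp443"])
    )


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for src, buckets in per_client_summary(records).items():
        print(src, buckets)
    print("clients with accepted UDP/443 (QUIC) sessions:", suspected_quic_bypass(records))
```

Run it against the forward-traffic log filtered to the Chrome test client's address: a client that shows up in the bypass list still gets QUIC through the firewall, whatever the browser flag says, and that is where to look before touching the application-control profile again.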
Hi @aduneo ,
> Which FOS and IPS engine version are you running?
From CLI:
get system status
get system fortiguard-service status
> Is the firewall policy in flow mode or proxy mode?
> Is it the same if you change the firewall policy to proxy/flow mode? (you could clone/create one just for your test client)
> Is Twitch traffic being allowed when you use Brave browser (which is based on Chrome)?
> Can you run a debug flow for both Firefox and Chrome and attach logs, please:
diag debug reset
diag debug flow filter addr x.x.x.x #<--- where x.x.x.x is the destination IP address (you can ping Twitch to see what is the IP address resolved by your PC at the time)
diag debug flow filter port 443
diag debug console timestamp enable
diag debug flow show iprope enable
diag debug flow show function-name enable
diag debug flow trace start 9999
diag debug enable
Close all other browser windows and open Twitch in incognito/privacy mode on the browser.
Once done, please type:
diag debug disable
diag debug reset
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-CLI-commands-to-verify-status-of-the-Forti...
Best regards,
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
Here is the system status:
Version: FortiGate-60E v7.4.1,build2463,230830 (GA.F)
Security Level: 1
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 6.00741(2015-12-01 02:30)
FMWP-DB: 0.00000(2001-01-01 00:00)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
OT-Detect-DB: 0.00000(2001-01-01 00:00)
OT-Patch-DB: 0.00000(2001-01-01 00:00)
OT-Threat-DB: 6.00741(2015-12-01 02:30)
IPS-Engine: 7.00509(2023-08-10 23:09)
Serial-Number: FGT60ETK20048084
BIOS version: 05000012
System Part-Number: P18816-03
Log hard disk: Not available
Hostname: gibraltar
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 2463
Release Version Information: GA
System time: Tue Nov 14 11:31:21 2023
Last reboot reason: warm reboot
Here is the fortiguard-service status:
NAME VERSION LAST UPDATE METHOD EXPIRE
AV Engine 7.018 2023-08-02 17:21:00 manual 2024-02-05 23:59:59
Virus Definitions 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Extended set 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
AI/Machine Learning Malware Detection Model 0.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Flow-based Virus Definitions 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Attack Definitions 6.741 2022-10-05 19:12:21 scheduled 2024-02-05 23:59:59
Attack Extended Definitions 0.000 2001-01-01 00:00:00 manual 2024-02-05 23:59:59
IPS Malicious URL Database 1.001 2022-10-05 19:12:21 scheduled 2024-02-05 23:59:59
IPS/FlowAV Engine 7.509 2023-10-18 19:14:25 scheduled 2024-02-05 23:59:59
Application Definitions 6.741 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
FMWP Definitions 0.000 2001-01-01 00:00:00 manual 2024-02-05 23:59:59
OT Threat Definitions 6.741 2015-12-01 02:30:00 manual n/a
IoT Detect Definitions 0.000 2022-08-17 17:31:00 manual n/a
OT Detect Definitions 0.000 2001-01-01 00:00:00 manual n/a
OT Patch Definitions 0.000 2001-01-01 00:00:00 manual n/a
I tried in Brave, and in Brave the application control rules work: Twitch is blocked by the FortiGate.
Created on ‎11-14-2023 03:01 AM Edited on ‎11-14-2023 03:10 AM
In System > Settings, NGFW Mode is set to "profile-based".
Created on ‎11-14-2023 05:37 AM Edited on ‎11-14-2023 05:37 AM
Hi @aduneo ,
Thank you. Please ignore my question about proxy/flow mode; your FortiGate model does not allow you to choose between flow and proxy inspection modes (https://community.fortinet.com/t5/FortiGate/Technical-Tip-Changing-the-inspection-mode-of-the-firewa... ).
Regarding QUIC, you mentioned earlier that you have disabled it; how did you do it? The links below show several ways to do that (you may try to implement more than one):
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-disable-QUIC/ta-p/191273
https://community.fortinet.com/t5/FortiGate/Technical-Note-Disabling-Blocking-QUIC-Protocol-to-force...
Best regards,
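One of the FortiGate-side ways to do this, written out as an added example (it is not the poster's configuration and is not copied from the linked articles): a custom service object for UDP/443 and a deny policy for it placed above the policy that allows web traffic. With the QUIC handshake dropped, Chrome falls back to TCP/443, where the Twitch application-control signature on the allow policy can fire. The interface names internal and wan1 and the object names are assumptions.

```text
# Added example; interface and object names are assumptions, adjust to your policy table.
config firewall service custom
    edit "QUIC-UDP-443"
        set udp-portrange 443
    next
end
config firewall policy
    edit 0
        set name "deny-QUIC"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "QUIC-UDP-443"
        set logtraffic all
    next
end
```

Policies created from the CLI are appended to the bottom of the table, so note the ID that `edit 0` was given and move it above the allow policy with `move <new-id> before <allow-id>` inside `config firewall policy`. Then re-test from Chrome and look for udp/443 hits on the deny policy in the forward-traffic log: Chrome only falls back to TCP after its QUIC attempt fails, so a denied udp/443 session followed by a blocked Twitch session over TCP from the same client is the expected pattern.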
