Hello
I created application control rules to block twitch in fortigate 60E, but this rules doens't work in Chrome.
I tested on all other browser and it's work's good excepted for chrome, have you got any idea ?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
It may be due to QUIC protocol used by chrome. Can you try disabling quic and test?
Below articles will be handy.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Block-QUIC-Protocol/ta-p/197661
https://community.fortinet.com/t5/FortiGate/Technical-Note-Disabling-Blocking-QUIC-Protocol-to-force...
I have already deactivated QUIC and I tried to deactivate it on my browser Twitch is still not blocked in chrome.
Do you see the traffic logs for the corresponding session on Fortigate? Can you share the same?
On this screen action is blocked in Firefox
On this screen action is pass in Chrome
Hi @aduneo ,
> Which FOS and IPS engine version are you running?
From CLI:
get system status
get system fortiguard-service status
> Is the firewall policy in flow mode or proxy mode?
> Is it the same if you change the firewall policy to proxy/flow mode? (you could clone/create one just for your test client)
> Is Twitch traffic being allowed when you use Brave browser (which is based on Chrome)?
> Can you run a debug flow for both Firefox and Chrome and attach logs, please:
diag debug reset
diag debug flow filter addr x.x.x.x #<--- where x.x.x.x is the destination IP address (you can ping Twitch to see what is the IP address resolved by your PC at the time)
diag debug flow filter port 443
diag debug console timestamp enable
diag debug flow show iprope enable
diag debug flow show function-name enable
diag debug flow trace start 9999
diag debug enable
Close all other browser windows and open Twitch in incognito/privacy mode on the browser.
Once done, please type:
diag debug disable
diag debug reset
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-CLI-commands-to-verify-status-of-the-Forti...
Best regards,
here is the system status :
Version: FortiGate-60E v7.4.1,build2463,230830 (GA.F)
Security Level: 1
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 6.00741(2015-12-01 02:30)
FMWP-DB: 0.00000(2001-01-01 00:00)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
OT-Detect-DB: 0.00000(2001-01-01 00:00)
OT-Patch-DB: 0.00000(2001-01-01 00:00)
OT-Threat-DB: 6.00741(2015-12-01 02:30)
IPS-Engine: 7.00509(2023-08-10 23:09)
Serial-Number: FGT60ETK20048084
BIOS version: 05000012
System Part-Number: P18816-03
Log hard disk: Not available
Hostname: gibraltar
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 2463
Release Version Information: GA
System time: Tue Nov 14 11:31:21 2023
Last reboot reason: warm reboot
here is fortiguard-service status :
NAME VERSION LAST UPDATE METHOD EXPIRE
AV Engine 7.018 2023-08-02 17:21:00 manual 2024-02-05 23:59:59
Virus Definitions 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Extended set 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
AI/Machine Learning Malware Detection Model 0.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Flow-based Virus Definitions 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Attack Definitions 6.741 2022-10-05 19:12:21 scheduled 2024-02-05 23:59:59
Attack Extended Definitions 0.000 2001-01-01 00:00:00 manual 2024-02-05 23:59:59
IPS Malicious URL Database 1.001 2022-10-05 19:12:21 scheduled 2024-02-05 23:59:59
IPS/FlowAV Engine 7.509 2023-10-18 19:14:25 scheduled 2024-02-05 23:59:59
Application Definitions 6.741 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
FMWP Definitions 0.000 2001-01-01 00:00:00 manual 2024-02-05 23:59:59
OT Threat Definitions 6.741 2015-12-01 02:30:00 manual n/a
IoT Detect Definitions 0.000 2022-08-17 17:31:00 manual n/a
OT Detect Definitions 0.000 2001-01-01 00:00:00 manual n/a
OT Patch Definitions 0.000 2001-01-01 00:00:00 manual n/a
I try in Brave and in brave the application control rules work's, twitch is blocked by fortigate.
here is system status :
Version: FortiGate-60E v7.4.1,build2463,230830 (GA.F)
Security Level: 1
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 6.00741(2015-12-01 02:30)
FMWP-DB: 0.00000(2001-01-01 00:00)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
OT-Detect-DB: 0.00000(2001-01-01 00:00)
OT-Patch-DB: 0.00000(2001-01-01 00:00)
OT-Threat-DB: 6.00741(2015-12-01 02:30)
IPS-Engine: 7.00509(2023-08-10 23:09)
Serial-Number: FGT60ETK20048084
BIOS version: 05000012
System Part-Number: P18816-03
Log hard disk: Not available
Hostname: gibraltar
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 2463
Release Version Information: GA
System time: Tue Nov 14 11:47:50 2023
Last reboot reason: warm reboot
Here is fortiguard-system status :
NAME VERSION LAST UPDATE METHOD EXPIRE
AV Engine 7.018 2023-08-02 17:21:00 manual 2024-02-05 23:59:59
Virus Definitions 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Extended set 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
AI/Machine Learning Malware Detection Model 0.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Flow-based Virus Definitions 1.000 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
Attack Definitions 6.741 2022-10-05 19:12:21 scheduled 2024-02-05 23:59:59
Attack Extended Definitions 0.000 2001-01-01 00:00:00 manual 2024-02-05 23:59:59
IPS Malicious URL Database 1.001 2022-10-05 19:12:21 scheduled 2024-02-05 23:59:59
IPS/FlowAV Engine 7.509 2023-10-18 19:14:25 scheduled 2024-02-05 23:59:59
Application Definitions 6.741 2023-11-08 20:33:18 scheduled 2024-02-05 23:59:59
FMWP Definitions 0.000 2001-01-01 00:00:00 manual 2024-02-05 23:59:59
OT Threat Definitions 6.741 2015-12-01 02:30:00 manual n/a
IoT Detect Definitions 0.000 2022-08-17 17:31:00 manual n/a
OT Detect Definitions 0.000 2001-01-01 00:00:00 manual n/a
OT Patch Definitions 0.000 2001-01-01 00:00:00 manual n/a
I try on brave and the rules work's, twitch is bloked by fortigate.
Created on 11-14-2023 03:01 AM Edited on 11-14-2023 03:10 AM
In my system>setting, NGFW Mode is on "profile-based"
Created on 11-14-2023 05:37 AM Edited on 11-14-2023 05:37 AM
Hi @aduneo ,
Thank you. Please ignore my question about proxy/flow mode, your FortiGate model does not allow you to choose between Flow and Proxy inspection modes (https://community.fortinet.com/t5/FortiGate/Technical-Tip-Changing-the-inspection-mode-of-the-firewa... ).
Regarding QUIC, you mentioned earlier that you have disabled it, how did you do it? The link below shows several ways to do that (you may try to implement more than one):
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-disable-QUIC/ta-p/191273
https://community.fortinet.com/t5/FortiGate/Technical-Note-Disabling-Blocking-QUIC-Protocol-to-force...
Best regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.