Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aduneo
New Contributor

Created on ‎11-14-2023 12:26 AM

Application control doesn't work in chrome

Hello

I created application control rules to block twitch in fortigate 60E, but this rules doens't work in Chrome.

I tested on all other browser and it's work's good excepted for chrome, have you got any idea ?

Labels:
3174
0 Kudos
18 REPLIES 18
aduneo
New Contributor
In response to fricci_FTNT

Created on ‎11-14-2023 05:53 AM

I block QUIC directly in application control profile

 

firefox_vU2KNcuEMI.png

1172
0 Kudos
fricci_FTNT
Staff
Staff
In response to aduneo

Created on ‎11-14-2023 06:53 AM

Thank you for your confirmation. So I guess if you use Chrome and try to sniff packets in Wireshark from your test client filtering for UDP 443 (udp portrange 443), you do not see any packet, right?

QUIC-wireshark-filter.PNG

 
I think this needs to be investigated more deeply, it might be easier to raise a ticket in FortiCare so you can properly upload your config and logs.

Were you able to collect the debug flow logs earlier?

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
1164
0 Kudos
aduneo
New Contributor
In response to fricci_FTNT

Created on ‎11-14-2023 07:24 AM

yes when i start wireshark i do not see any packet.

I think we open ticket in forticare for this probleme.

 

No i haven't collected the debug flow logs yet.

But after some test i see my application control rule  doesn't work on any browser, because when i try on firefox i have a message :

The page you have requested has been blocked because the URL is banned.

 

When application control rules doesn't work, i created a webfilter and these rules work but not on all browsers.

 

This is a very old configuration of Fortigate and I think the easiest way would be to do a factory reset and start a new clean configuration

 

 

1155
0 Kudos
smaruvala
Staff
Staff

Created on ‎11-14-2023 09:47 PM

Hi,

 

- Are you using full inspection or only certificate inspection?

- Traffic logs in Chrome shows the application identified as HTTPS Browser. Do you see the application as twitch when the Firewall blocks?

- What is the version of the Chrome you are using? It is very odd that the firewall is able to block it when using Brave which is a chrome based browser. 

- Was this working before? I just wanted to make sure the issue did not start after the upgrade of the application database.

 

Regards,

Shiva

1130
aduneo
New Contributor
In response to smaruvala

Created on ‎11-14-2023 11:52 PM

Hello,

We use SSL certificate inspection.

We do not see application twitch because the firewall do not block, when i test on firefox or brave it's the webfilter rules who block this site not application control.

My version of chrome is Version 119.0.6045.124 (Build officiel) (64 bits)

I think the application control doesn't work before for twhitch

1122
0 Kudos
smaruvala
Staff
Staff
In response to aduneo

Created on ‎11-15-2023 01:57 AM

Hello,


- I can see a new chrome version available. You can try in the latest chrome version as well.

- Is it possible to change the inspection to deep inspection and test it? If yes then its a good test worth trying. 

- Another option we have is to check the debugs and captures for working and non-working scenario.

 

Regards,

Shiva

1107
0 Kudos
aduneo
New Contributor
In response to smaruvala

Created on ‎11-15-2023 02:35 AM

When you say to try the inspection to deep inspection you want to say full inspection ?

1103
0 Kudos
smaruvala
Staff
Staff
In response to aduneo

Created on ‎11-15-2023 02:37 AM

Hi,

Yes, you are correct.

Regards,

Shiva

1101
0 Kudos
pminarik
Staff
Staff

Created on ‎11-21-2023 08:58 AM

If the firewall policy is in flow-mode inspection, try switching to proxy-mode:

flow_to_proxy.png

Otherwise I would suggest opening a case with the TAC, this looks like it will need more intensive "digging" to get to the cause.

[ corrections always welcome ]
1028
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.