Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sebag
New Contributor III

Created on ‎10-20-2016 04:27 AM

Can't add a new application control security to explicit proxy policy? fortiOS 5.4.1

Hi, I’m new on Fortigate.

 

I create a new Application Control security profile to block multimedia (video, youtube, Netflix, Spotify, etc.) and I want to apply It to one of my Explicit Proxy Policy. I want to block that’s programs if some of that client were installed on my user’s desktop.

When I edit Explicit Proxy Policy and choose my new application control I get a an error in GUI, but if I choose the default application control it’s apply ok and save ok.

 

Any idea, why?

 

Thanks.

Labels:
10299
0 Kudos
4 REPLIES 4
sebag
New Contributor III

Created on ‎11-04-2016 05:43 AM

Hello, Thanks to Fortinet Supports!!! Here is the solution:

 

> Session log: 1) Problem: Customer can not use an specific Profile of Application Control in Explicit proxy "Some changes failed to save" 2) I applied it via CLI and detected the following message Cannot block Proxy.HTTP application in explicit proxy policy. object check operator error, -651, discard the setting Command fail. Return code 1 3) We allowed "Proxy" in the profile and we succeed.

 

thanks!!!

2926
0 Kudos
hmtay_FTNT
Staff
Staff

Created on ‎02-24-2017 08:36 AM

Hello sebag,

 

Did you set the category "Proxy" or the signature "Proxy.HTTP" to Block? If you are using an Explicit Proxy Policy and tries to block the "Proxy.HTTP" signature, it will give you an error. That is because the "Proxy.HTTP" signature blocks the exact traffic that Explicit Proxy Policy sends.

 

HoMing

2926
0 Kudos
dboreham_FTNT
Staff
Staff
In response to hmtay_FTNT

Created on ‎05-17-2017 01:15 PM

To add to the above response from HoMing, if your Application Control profile blocks the "Proxy" category, then you cannot apply it to the Explicit Proxy policy, as it includes the "Proxy.HTTP" application.  One solution would be to block the "Proxy" as a category while adding "Proxy.HTTP" as an Application Override.  This approach will allow for the Explicit Proxy application, but will block other types of proxies.  

2926
0 Kudos
jayden67
New Contributor

Created on ‎10-31-2024 06:20 AM Edited on ‎11-05-2024 10:01 AM

"Hey! It sounds like FortiOS 5.4.1 might have compatibility issues with custom profiles in the Explicit Proxy settings. A quick fix could be to start with the default profile, then add custom controls one at a time to pinpoint the issue check out. Also, ensure all app signatures are up-to-date—older signatures can sometimes cause these errors. Hope this helps, and good luck!"

459
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.