Hi, I’m new on Fortigate.
I create a new Application Control security profile to block multimedia (video, youtube, Netflix, Spotify, etc.) and I want to apply It to one of my Explicit Proxy Policy. I want to block that’s programs if some of that client were installed on my user’s desktop.
When I edit Explicit Proxy Policy and choose my new application control I get a an error in GUI, but if I choose the default application control it’s apply ok and save ok.
Any idea, why?
Thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello, Thanks to Fortinet Supports!!! Here is the solution:
> Session log: 1) Problem: Customer can not use an specific Profile of Application Control in Explicit proxy "Some changes failed to save" 2) I applied it via CLI and detected the following message Cannot block Proxy.HTTP application in explicit proxy policy. object check operator error, -651, discard the setting Command fail. Return code 1 3) We allowed "Proxy" in the profile and we succeed.
thanks!!!
Hello sebag,
Did you set the category "Proxy" or the signature "Proxy.HTTP" to Block? If you are using an Explicit Proxy Policy and tries to block the "Proxy.HTTP" signature, it will give you an error. That is because the "Proxy.HTTP" signature blocks the exact traffic that Explicit Proxy Policy sends.
HoMing
To add to the above response from HoMing, if your Application Control profile blocks the "Proxy" category, then you cannot apply it to the Explicit Proxy policy, as it includes the "Proxy.HTTP" application. One solution would be to block the "Proxy" as a category while adding "Proxy.HTTP" as an Application Override. This approach will allow for the Explicit Proxy application, but will block other types of proxies.
"Hey! It sounds like FortiOS 5.4.1 might have compatibility issues with custom profiles in the Explicit Proxy settings. A quick fix could be to start with the default profile, then add custom controls one at a time to pinpoint the issue check out. Also, ensure all app signatures are up-to-date—older signatures can sometimes cause these errors. Hope this helps, and good luck!"
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.