Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

Can't add a new application control security to explicit proxy policy? fortiOS 5.4.1

Hi, I’m new on Fortigate.


I create a new Application Control security profile to block multimedia (video, youtube, Netflix, Spotify, etc.) and I want to apply It to one of my Explicit Proxy Policy. I want to block that’s programs if some of that client were installed on my user’s desktop.

When I edit Explicit Proxy Policy and choose my new application control I get a an error in GUI, but if I choose the default application control it’s apply ok and save ok.


Any idea, why?



New Contributor III

Hello, Thanks to Fortinet Supports!!! Here is the solution:


> Session log: 1) Problem: Customer can not use an specific Profile of Application Control in Explicit proxy "Some changes failed to save" 2) I applied it via CLI and detected the following message Cannot block Proxy.HTTP application in explicit proxy policy. object check operator error, -651, discard the setting Command fail. Return code 1 3) We allowed "Proxy" in the profile and we succeed.




Hello sebag,


Did you set the category "Proxy" or the signature "Proxy.HTTP" to Block? If you are using an Explicit Proxy Policy and tries to block the "Proxy.HTTP" signature, it will give you an error. That is because the "Proxy.HTTP" signature blocks the exact traffic that Explicit Proxy Policy sends.




To add to the above response from HoMing, if your Application Control profile blocks the "Proxy" category, then you cannot apply it to the Explicit Proxy policy, as it includes the "Proxy.HTTP" application.  One solution would be to block the "Proxy" as a category while adding "Proxy.HTTP" as an Application Override.  This approach will allow for the Explicit Proxy application, but will block other types of proxies.  

Top Kudoed Authors