We have a specific VLAN set up for some Android tablets to join, and we built some Android apps that are hosted in AWS.
We would like to limit our Android tablets to running the apps that we built, while restricting them from accessing the internet and other stuff, including software updates.
Is it possible?
Thanks,
If the apps are built by you then the app signature will not be recognized by FortiGate, or just will be recognized as SSL traffic for example.
So if you want to allow only this traffic, I think using application control will not help, but instead you may just filter by destination, like your AWS servers IP addresses or FQDN for example.
Thanks for the Advice @AEK
Just to confirm, in the FortiGate portal, Policy & Objects -> Firewall Policy.
Edit the policy that is for the specific VLAN to WAN, Destination?
Here right?
Thanks,
By the way @AEK
The Android app that we built is available in Google Play, it has an ID, but it shows Private as well.
Will this make any difference to use Application Control or still the same as it is a Private App?
Thanks,
Hello Ching
Yes you should edit that policy and set the target AWS server(s) as destination. Bear in mind that there should be no other rule below it allowing other traffic from VLAN to WAN.
Regarding the application control, if you want to see if your application is recognized by the FG (who knows) then you need first to enable traffic log on that policy, generate some traffic from the application, then check on FG menu: Log & Report > Forward Traffic, filter on the client source IP (or AWS server IP), and see in column "Application Name" if any relevant application is displayed.
As another alternative you can still write your own application signature to filter by application profile, but it may require some skills. There is a special guide for that:
In case you can't then just filter by destination as suggested before.
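The destination-based filtering suggested in this reply, sketched as FortiOS CLI. This is an added example, not part of the thread or of Fortinet's documentation. The interface names, the FQDN and the DNS resolver address are placeholders, and the DNS policy assumes the tablets use a resolver reached through the WAN interface.

```fortios
# Added example. Placeholders (not from the thread):
#   "vlan-tablets"   = the tablet VLAN interface
#   "wan1"           = the WAN interface
#   app.example.com  = FQDN of the AWS-hosted backend
#   192.0.2.53       = DNS resolver used by the tablets (assumption)
config firewall address
    edit "aws-app-backend"
        set type fqdn
        set fqdn "app.example.com"
    next
    edit "tablet-dns"
        set type ipmask
        set subnet 192.0.2.53 255.255.255.255
    next
end

config firewall policy
    # Allow only HTTPS from the tablet VLAN to the AWS backend.
    edit 0
        set name "tablets-to-aws-app"
        set srcintf "vlan-tablets"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "aws-app-backend"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
        set nat enable
    next
    # Allow name resolution to the single resolver only.
    edit 0
        set name "tablets-dns"
        set srcintf "vlan-tablets"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "tablet-dns"
        set action accept
        set schedule "always"
        set service "DNS"
        set nat enable
    next
end
# No further VLAN-to-WAN accept policy follows, so everything else
# (including software updates) falls through to the implicit deny.
```

With `set logtraffic all` on the first policy, the Forward Traffic log can be used as described above to confirm which destinations the app actually contacts before the FQDN list is finalised.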
Thank you @AEK
I tested, the Application Name shows empty in the log, Destination shows some IP and a Resolved Domain name in ()
Thanks a lot for your help.
Copyright 2024 Fortinet, Inc. All Rights Reserved.