We have one Ubuntu Server on which we have enabled SSH, and now I'm trying to provide SSH access for some users, but I would like to apply application control to the rule. In the rule I added SRC, DST, User Group and Port (TCP 22), then created an application group where I blocked all applications but enabled SSH applications (as an override), but users can't access the server. But when I added one more override rule to this application rule, selecting also the "Canonical Ubuntu" application, the users got access.
You could achieve this by simply creating a Firewall policy with Source, Destination and Service (as SSH-TCP22). So why would you need application control here? What are the objectives?
If you still want application control, you can create an Application Profile blocking all Application categories while adding the SSH application as an allow Override, and then call this in the Firewall policy created above.
Fair enough, but still in the Firewall policy you only allow service TCP-22, which should restrict any access other than port 22 to this Ubuntu Server from a Layer 4 perspective, and you still allow only the respective application with application control at the Application layer.
If you use HTTP on a non-standard port (ex: TCP 22), this is where your application control comes into play, which only allows "Canonical Ubuntu" and not an HTTP session. In this case your attempt to perform HTTP on port 22 should be blocked, as HTTP traffic is expected on port 80 and not 22.
Application control and other deep-level inspection take place once the firewall policy is matched; firewall policy matching happens based on the interfaces, IP, protocol and port numbers. So if your application is on port 80 and the policy is allowing port 22, the traffic won't work even if application control allows the particular application. The same is the case if the application control signature allows multiple ports but the firewall policy allows only port 22: only traffic on port 22 is expected to work.
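The evaluation order described in the reply above, as an added Python model of the two stages (Layer 4 policy match first, application control only on a matched policy). This is illustration code written for this page, not FortiOS code and not anything posted in the thread; the interface names, addresses, policy name and application labels ("SSH", "HTTP", "Canonical Ubuntu") are constructed placeholders.

```python
"""Constructed model: a firewall policy is matched on Layer 4 attributes
(interfaces, addresses, protocol, destination port) and only then is the
policy's application control profile consulted. No L4 match means the
implicit deny applies and application control is never reached."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Flow:
    src_if: str
    dst_if: str
    src: str
    dst: str
    proto: str
    dport: int
    app: str  # application label assigned by deep inspection (constructed)


@dataclass
class AppProfile:
    """'Block all categories, override selected applications to pass'."""
    default_action: str = "block"
    overrides: dict = field(default_factory=dict)  # app label -> "pass"/"block"

    def decide(self, app: str) -> str:
        return self.overrides.get(app, self.default_action)


@dataclass
class Policy:
    name: str
    src_if: str
    dst_if: str
    src_net: str
    dst_net: str
    proto: str
    ports: set
    app_profile: Optional[AppProfile] = None

    def matches_l4(self, f: Flow) -> bool:
        return (f.src_if == self.src_if and f.dst_if == self.dst_if
                and ip_address(f.src) in ip_network(self.src_net)
                and ip_address(f.dst) in ip_network(self.dst_net)
                and f.proto == self.proto and f.dport in self.ports)


def evaluate(policies, flow: Flow):
    """Return (verdict, reason); policies are checked top-down."""
    for p in policies:
        if not p.matches_l4(flow):
            continue
        if p.app_profile is None:
            return "accept", f"{p.name}: L4 match, no application control"
        if p.app_profile.decide(flow.app) == "pass":
            return "accept", f"{p.name}: L4 match, app {flow.app!r} passed by override"
        return "deny", f"{p.name}: L4 match, app {flow.app!r} blocked by app control"
    return "deny", "implicit deny: no policy matched at Layer 4"


# Constructed policy mirroring the thread: SRC, DST, TCP/22, plus a profile
# that blocks everything except the overridden SSH and "Canonical Ubuntu".
SSH_OVERRIDES = AppProfile(overrides={"SSH": "pass", "Canonical Ubuntu": "pass"})
POLICIES = [
    Policy("ssh-to-ubuntu", "port1", "port2", "10.0.0.0/24", "192.0.2.10/32",
           "tcp", {22}, SSH_OVERRIDES),
]


def verdict(dport: int, app: str) -> str:
    """Constructed client 10.0.0.5 on port1 reaching the server 192.0.2.10."""
    return evaluate(POLICIES, Flow("port1", "port2", "10.0.0.5", "192.0.2.10",
                                   "tcp", dport, app))[0]


if __name__ == "__main__":
    for dport, app in [(22, "SSH"), (22, "HTTP"), (80, "HTTP"), (2222, "SSH")]:
        print(f"tcp/{dport} {app:<5} ->", verdict(dport, app))
```

Running the block shows the four cases discussed in the thread: SSH on 22 is accepted, HTTP on 22 reaches the policy but is blocked by the profile, and both HTTP on 80 and SSH on 2222 never reach application control because the policy only matches TCP/22.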