Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
HS08
Contributor

Created on ‎08-20-2024 06:36 PM

How Application Control Work

Hello,

Yesterday i facing issue where from client not able access to Azure MSSQL, then i found some information from Azure team that deploying MSSQL on azure have 2 kind of connections policy such is :

  1. Proxy : With this policy the client only need connect to one single port for MSSQL TCP/1433
  2. Redirect : With this policy, the connection need other port range from 110000 - 11999 beside TCP/1433

The issue yesterday is on our Fortinet application control the MSSQL is already allowed but the client still not able to connect because the MSSQL using redirect mode which is need open port range from 11000-11999.

On the log i also can see there is MSSQL is blocked and also I can see the port used is 11050.

Here i want to know how application can knowing this port 11050 is belong to MSSQL?

4.png

 

Labels:
578
0 Kudos
7 REPLIES 7
ozkanaltas
Valued Contributor III

Created on ‎08-20-2024 10:41 PM

Hello @HS08 ,

 

Application control is not interested in the application port. It just interested application communication pattern. When I reviewed your logs, this traffic was not blocked by application control. Because control action is just detected not blocked or dropped. 

 

Can you share the full log with us? This way we can more easily understand why it was blocked.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
551
HS08
Contributor
In response to ozkanaltas

Created on ‎08-21-2024 09:38 PM

i posting the log here twice and my post is disappears. Now the log i paste the log as pic here9.png

513
0 Kudos
ozkanaltas
Valued Contributor III

Created on ‎08-22-2024 12:14 AM

Hello @HS08 ,

 

That is interesting. Do you have any other security profile on  IT policy? 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
494
0 Kudos
HS08
Contributor
In response to ozkanaltas

Created on ‎08-22-2024 12:19 AM

Here my rule

10.png

490
0 Kudos
ozkanaltas
Valued Contributor III
In response to HS08

Created on ‎08-22-2024 12:21 AM

Hello @HS08 ,

 

Can you remove all security profiles except app control? After removing it, can you try to access the SQL service? 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
488
0 Kudos
HS08
Contributor
In response to ozkanaltas

Created on ‎08-22-2024 06:05 PM

Still can't access even only have app control in the rule.

433
0 Kudos
ezhupa
Staff
Staff

Created on ‎08-22-2024 02:55 AM

Hello, 

 

In Forward Logs you should be able to see the "Security" part of the log. There it should be stated what exactly is blocking the website. 

Hope this helps.
Enea

459
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.