Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gendit
New Contributor

Created on ‎11-22-2016 06:37 PM

How to bypass certain URL/Apps from being block by Application Control

Hi,

 

I'm using fortigate 310b and by default we have using web filtering and application control to block certain application.

 

There is one website that have an applet / apps in the website page for play live radio streaming is block by Application Control.

 

I have whitelist the website but still cannot see and play the live radio streaming applet but try to whitelist in the application control but seems like it cannot be specific to certain URL

 

Please advised how to allow the URL to be access..Thanks!

 

Preview file
84 KB
40653
0 Kudos
5 REPLIES 5
braymetnet
New Contributor

Created on ‎11-23-2016 03:08 AM

Hi gendit,

Please select enable web filtering option from security menu, add the url which you want to allow and select the correct action.

 

 

15555
0 Kudos
gendit
New Contributor
In response to braymetnet

Created on ‎11-23-2016 04:37 PM

Dear Bray,

 

I already try that options and the live streaming applet still being block.

 

when i add the URL whether direct URL or Wildcard, still the same because the website can be access, only the apps is block by application control

 

Thanks for Reply

15554
0 Kudos
Adriano_Oliveira
New Contributor

Created on ‎12-06-2016 04:50 AM

Hi,

 

I'm try to explain.

What's your Firmware Version of fortigate?

I think that you need to create a Application Override, put the APP in list with action the permit the app.

See the picture attached.

 

I'm using firmware 5.2.7


Thank you.

Best Regards,
Adriano Oliveira
Security Analyst / Consultant
+55 21 972816850
Thank you.Best Regards,Adriano OliveiraSecurity Analyst / Consultant+55 21 972816850
Preview file
49 KB
15554
0 Kudos
gendit
New Contributor
In response to Adriano_Oliveira

Created on ‎12-06-2016 09:39 PM

Hi Adriano,

 

I'm using firmware 5.2.8. I already try before the suggestion before and its not working since you can only enable / allow the apps generally but cannot specific to the web / URL that been blocked. I already try to enable/ allow the live streaming apps generally, but instead all the streaming site can be open which blocked by web filter. This cause traffic congestion.

 

Its is possible for me to allow specific URL in the apps guard?

 

or

 

Can i white list a website / certain website which generally bypass the webfilter and apps guard?

 

Thanks and Regards

15554
0 Kudos
hmtay_FTNT
Staff
Staff

Created on ‎02-23-2017 09:18 AM

Hello gendit,

 

Since you used the Application Control signature "Stream.Media" to block the traffic, you would need to use the Application Override to allow the traffic. You can add a custom App Control signature to whitelist the specific site that you want allowed and set it to Monitor.

 

I will send you the latest IPS Engine for FortiOS 5.2 that allows whitelisting for custom signatures. The signature syntax is as follow:

 

F-SBID( --name "<Any Name>";  --protocol tcp; --service HTTP; --flow from_client; --pattern "<host name>"; --context host; --no_case; --pattern "<URI>"; --context uri; --no_case; --app_cat 12; --weight 100; ) 

 

In the image you provided, the link was blocked when you access http://stream.rib.dataprodigy.my:16731. An example of how to how to put the link into the signature is:

 

F-SBID( --name "Dataprodigy.Steam";  --protocol tcp; --service HTTP; --flow from_client; --pattern "stream.rib.dataprodigy.my"; --context host; --no_case; --app_cat 12; --weight 100; ) 

 

I removed the URI pattern because the link does not appear to have one. After you add the signature, add it to Application Override.

15554
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.