Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

How to deal with Adobe Creative Cloud?

I am looking for advice on how to deal with Adobe Creative Cloud.

Fortinet provided information (Internet Services, etc.) unfortunately seem not complete.


I need to close down all unnecessary traffic from inside to the internet. 

One of the policies should deal with Adobe Creative Cloud, but I can't make it work reliably.

I tried a combination of Adobe Internet Services and Security Profiles:

  1. Policy with all Adobe Internet Services and no Security Profile
    • Adobe Cloud is unreliable and does not connect, lots of timeouts. With some troubleshooting I have found additional IP Addresses that are not in any of the Fortinet provided Internet Services. Examples are *, *,, *, *
  2. Thus I created an additional policy with the aboce FQDN, all using HTTPS
    • Better, but i probably missed yet another set of IP addresses.
  3. Enhanced the policy with a Security Profile with all categories blocked, adding all I could find on Adobe manually in a Filter Override. 
    • Tested this also with no Adobe Internet Services, but All/All
    • That prooved not so efficient as expected
  4. Changed the Application Control to let through everything in Monitor mode
    • This is the current status, but I still have a ALL/ALL rule at the end where apparent Adobe traffic is leaking into.
    • As I closed down all other traffic, I recognized additional blocks in Policy 0. 

Interestingly, those blocked connections were labeled as Adobe...


Examples are (    -> Amazon-AWS (but not any Adobe Internet Service...) (    -> Akamai-CDN (but not any Adobe...) (  -> Suspect Adobe usage, but I'm not sure ( -> New Relic (but not any Adobe...)

there are more..


For some of those I checked Adobe Acrobat DC with procmon looking at the IP connections opened directly on one of the PC's. Obviously I cannot directly link back to the above FQDN's as I only see PTR records in procmon. 


Fact is that I, despite using the Fortinet provided Internet Services and the Application Profile, I can't make Adobe Cloud working correctly. But I do not want to keep everything open.


So, what might be your advise on how I can approach this? 







Hi Dan,

The most important two features implied are 'detection' and 'blocking', and we need to find out where it fails.

To correctly detect the HTTPS traffic, you need proxy-mode policy, Application control profile, "deep-inspection" SSL-SSH profile, and possibly Webfilter profile as well.

In some of your tests it seems that you managed to get the detection working, but blocking is effective on other profiles - need to see what security feature is blocking these sites (in logs). Some of the domains may not be allowed by allowing only Adobe (AWS/Akamai..) - these may be used by other sites as well, therefore may fall in the blocking category for those.


This being said, a better approach is to block unwanted specific elements/domains/categories rather than allow only specific domains.

- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -