jeskudero
New Contributor II

Industrial category is missing

Hello, I have a 60E and I recently updated to FortiOS 5.6.6 from 5.4. Before the update I could find the Industrial category in the app control section to block specific industrial traffic, but in FortiOS 5.6 this category is missing and I can't configure the FortiGate to block this kind of traffic. The Fortinet documentation says that industrial protocols can be identified (https://fortiguard.com/appcontrol?category=Industrial&deepapp=&page=1). Thanks
Dave_Hall
Honored Contributor

Not familiar with 5.6, so it may be possible that the category is still there, though renamed or recategorized.   You could always check via the CLI, just perform something similar to:

 

config application list
    edit "default"
        config entries
            edit 1
                set category ?

At ?, the fgt should output something similar to:

 

ID    Select Category ID
1     IM
2     P2P
3     VoIP
5     Video/Audio
6     Proxy
7     Remote.Access
8     Game
12    General.Interest
15    Network.Service
17    Update
19    Botnet
21    Email
22    Storage.Backup
23    Social.Media
24    File.Sharing
25    Web.Others
26    Industrial
27    Special
28    Collaboration
29    Business
30    Cloud.IT
31    Mobile

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

bommi

Hi,

 

if you want to use the industrial services signatures you need to do this:

 

config ips global

set exclude-signatures none

end

Regards

bommi

NSE 4/5/7

jeskudero
New Contributor II

Hi

 

bommi, I have already tried that solution but it doesn't work. (https://forum.fortinet.com/tm.aspx?m=169179)

Dave Hall, I have done what you said and it shows me the list like you put there. I have selected the Industrial category but then it doesn't show in the GUI, and I can't find the industrial signatures (modbus write and read for example).

I have tried to reboot several times but nothing happens. This is how I have the config now:

 

FGT60EXXXX # config vdom
FGT60EXXXX (vdom) # edit root
current vf=root:0
FGT60EXXXX (root) # config application list
FGT60EXXXX (list) # edit Trafico\ industrial
FGT60EXXXX (Trafico industrial) # config entries
FGT60EXXXX (entries) # show
config entries
    edit 1
        set category 26
        set application 25890 25900 44542
    next
    edit 2
        set category 2 3 5 6 7 8 12 15 17 21 22 23 25 26 28 29 30 31
    next
end

Dave_Hall
Honored Contributor

Under 5.6 (and under 5.4), it looks like the industrial signatures are excluded by default (see https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-security-profiles/Other_Profile_Cons... ). If the global option exclude-signatures is set to none and the CLI does show category 26 set in one of the app lists, but it is not showing up in the UI, it may be possible that you are looking at cached content - try refreshing the page and/or try another web browser.

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
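
A check for the two configuration conditions named in the reply above (exclude-signatures set to none, and category 26 present in an application list), run against a saved configuration file. This is an added example, not part of the original thread or Fortinet tooling; the backup-file layout in SAMPLE and the function names are assumptions, and it does not check licensing.

```python
import shlex
INDUSTRIAL = "26"  # Industrial category ID in the listing quoted in this thread

def parse_settings(cfg_text):
    """Yield (path, key, values) per 'set' line; path = enclosing config/edit names."""
    path = []
    for raw in cfg_text.splitlines():
        try:
            tok = shlex.split(raw)  # handles "quoted names" and Trafico\ industrial
        except ValueError:  # unbalanced quote (multi-line value); skipped here
            continue
        head = tok[0] if tok else ""
        if head in ("config", "edit"):
            path.append(" ".join(tok[1:]))
        elif head in ("next", "end"):
            del path[-1:]
        elif head == "set" and len(tok) >= 2:
            yield tuple(path), tok[1], tok[2:]

def audit(cfg_text):
    """Report the two config conditions from the thread (licensing is not checked)."""
    exclude, lists = None, set()
    for path, key, vals in parse_settings(cfg_text):
        if path[-1:] == ("ips global",) and key == "exclude-signatures":
            exclude = vals[0] if vals else None
        elif "application list" in path and key == "category" and INDUSTRIAL in vals:
            i = path.index("application list")
            if path[i + 2:i + 3] == ("entries",):
                lists.add(path[i + 1])  # name of the application list
    return {"exclude_signatures": exclude, "industrial_lists": sorted(lists),
            "config_ready": exclude == "none" and bool(lists)}

# Constructed sample in backup-file layout (not the poster's actual backup).
SAMPLE = '''
config ips global
    set exclude-signatures none
end
config application list
    edit "Trafico industrial"
        config entries
            edit 1
                set category 26 2
            next
        end
    next
end
'''
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Category IDs are compared as whole tokens, so an entry with `set category 2 6` is not mistaken for category 26.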

jeskudero
New Contributor II

I have activated the signatures (put it on "none" exclude industrial signatures) and I have selected all categories in the application list menu and nothing works

 

Any ideas??

Dave_Hall
Honored Contributor

Have you tried clearing the browser cache or using a different web browser and/or accessing the fgt from a different workstation/laptop - all three? The only times I have encountered something like this were when using an unsupported browser version (some of the page elements wouldn't show up) or when I didn't clear the browser cache following a major firmware upgrade.

 

Also have you followed the recommended Upgrade path for going from 5.4.x to 5.6.6?  It looks like the min. 5.4 version needed to go straight to 5.6.6 is 5.4.10. 

 

jeskudero wrote:

I have activated the signatures (put it on "none" exclude industrial signatures) and I have selected all categories in the application list menu and nothing works

 

Any ideas??

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

jeskudero
New Contributor II

Hello

It seems like Fortinet has excluded the industrial signatures from the UTM license group; you have to purchase those signatures separately from the UTM license or you have to purchase the enterprise license. That was my local seller's response.

 

anyway, thanks for your responses!
