We're just starting to dip into application control.
In this case, TeamViewer is the application we want to monitor.
From what we've read, you cannot create a rule that uses the application signature to match - instead you have to apply application control to a rule being matched by more base-level criteria (IP, port, service, etc.).
To test this out, we created a simple pair of rules. One on Inside to Outside, one on Outside to Inside. These rules match all sources, all destinations, ports and services - i.e. should match all traffic not previously matched.
We created an application control entry for TeamViewer and applied that Application Control to the two rules created.
In the application control, everything is set to allow, but an application override was added in which I selected TeamViewer from the list of applications. For the action, I originally tried monitor, but then moved on to Block.
So far - no love at all. On both the inbound and outbound rules, nothing. If I set logging to all, then it matches lots of traffic.
So what am I doing wrong? I'm sure I'm missing some obvious step :) I'm trying to avoid creating a rule to match the port that TeamViewer is known to use and just use the built-in intelligence.
Thanks
Can you please share the firmware version of your FortiGate? Also, share the details of your policy (the picture is not clear enough).