Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dan_newcombe
New Contributor

Just want to log application hits

We're just starting to dip into application control.

 

In this case, Teamviewer is the application we want to monitor.

 

From what we've read, you can not create a rule that uses the application signature to match - instead you have to apply application control to a rule being matched by more base-level criteria (ip, port, service, etc).

 

To test this out, we created a simple pair of rules.  One on Inside to Outside, one on Outside to Inside.  These rules match all sources, all destinations, ports and services - ie. should match all traffic not previously matched.

 

We created an application control entry for Teamviewer and applied that Application Control to the two rules created.

In the application control, everything is set to allow, but an application override was added in which I selected TeamViewer from the list of applications.  For the action, I originally tried monitor, but then moved on to Block.

 

So far - no love at all.  On both the inbound and outbound rules, nothing.   If I set logging to all, then it matches lots of traffic.  

 

So what am I doing wrong ?  I'm sure I'm missing some obvious step :)    I'm trying to avoid creating a rule to match the port that Teamviewer is known to use and just use the built in intelligence.

 

Thanks

1 REPLY 1
Mrinmoy
Staff
Staff

Can you please share the firmware version of your FortiGate? Also, share the details of your policy (picture is not clear enough)

Mrinmoy Purkayastha
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors