Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

NGFW policy-based mode not blocking traffic


I am running a Fortigate 40F in policy-based mode and see a behaviour that I don't understand:

I have configured only two policies:


1. Block all traffic/any app id to url categories (spam, phishing etc.)

2. Allow traffic only with app id HTTPS.BROWSER


From my traffic logs I can see that sometimes first HTTPS.BROWSER and then another app id is recognized, but the traffic is not blocked.

For example when browsing the first log entry from app-ctrl is HTTPS.BROWSER and the next entry is Github which is not allowed by policy. The forwading log entry at the end of the session states Github too, but browsing was not blocked.

I have seen this behaviour with traffic to skype and adobe too.




Should not the firwall block this traffic when a not allowed app id is seen in a session?

Is that because NGFW in policy-based mode is doing only flow-mode and not proxy-mode?


Top Kudoed Authors