Dears,
There is a mobile application called Shahid. It is a streaming application just like Netflix. Our FG-101E classify it as "HTTPS.BROWSER" (Application Name). We need to change that so it has proper application name called "shahid". So, we are trying to create a custom application signature to identify this specific application but we were unable to succeed using the below syntax.
F-SBID( --name shahid; --app_cat 5; --pattern *akamai* --pattern *shahid*; service http service https; --context host --protocol tcp; --flow bi_direction; --technology 0; --vendor 0; --risk 5; --pop 0; --no_case;)
Please find the image below for log details about the traffic we are trying to match.
Is there something wrong with our syntax? Thanks,
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
According to that log entry, it looks like the connection is encrypted, so Full SSL Inspection is likely needed to have the fgt decrypted the traffic in order to scan it. Alternately, if you employ SSL Certificate Inspection then you could use URL filter and set up a block for "*.mbc.net", which is listed for host on the security certificate.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Dear Dave,
Thanks for your response. First we need to identify the traffic as "shahid" before taking any further actions such as blocking it or traffic shape it for example.
How do we apply Full SSL Inspection for that particular traffic?
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.