Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jesse_fletcher
New Contributor

Created on ‎06-19-2019 06:19 PM

Spotify block through override not taking effect

I'm having an odd issue with Application Control (Blocking Spotify) on an outgoing client policy on 6.2. Wondering if anyone would have any insight to what I may be missing?

The application control profile has Spotify added as an override with Block as the action. When I check the logs and filter Spotify it appears with pass as the action.

I've confirmed through these records that it is the correct policy which has the profile with the override in it that is being applied to that traffic.

Is there anything else in the app control profile that needs to be done other than adding the override block in order for that to work?

 

Screenshots linked below. Thanks.

 

https://www.dropbox.com/s/nomrodlithgsvnf/spotify1.PNG?dl=0

https://www.dropbox.com/s/1mlqf5g15kddmgi/spotify2.PNG?dl=0

https://www.dropbox.com/s/d0s0arkt5e4qeod/spotify3.PNG?dl=0

https://www.dropbox.com/s/hjgz9ml98ipzerb/spotify4.PNG?dl=0

Labels:
19798
0 Kudos
15 REPLIES 15
binnyrog
New Contributor
In response to jesse_fletcher

Created on ‎06-25-2019 11:13 PM

Enable "Network Protocol Environment" option  from this screenshot. https://www.dropbox.com/s/1mlqf5g15kddmgi/spotify2.PNG?dl=0

 

It'd help you. 

5109
0 Kudos
jesse_fletcher
New Contributor
In response to hubertzw

Created on ‎06-25-2019 05:17 PM

hubertzw wrote:

You need the policy with Application Control with action 'block'. I see your policy 27 has action 'pass'.

 

I just test it and it works fine on 6.2:

 

date=2019-06-24 time=23:46:49 logid="1059028705" type="utm" subtype="app-ctrl" eventtype="app-ctrl-all" level="warning" vd="root" eventtime=1561445209 appid=17405 srcip=10.0.1.10 dstip=104.154.127.47 srcport=49642 dstport=443 srcintf="port3" srcintfrole="undefined" dstintf="port1" dstintfrole="undefined" proto=6 service="HTTPS" direction="outgoing" policyid=1 sessionid=1917 applist="spotify-test" appcat="Video/Audio" app="Spotify" action="block" hostname="www.spotify.com" incidentserialno=1399263240 url="/" msg="Video/Audio: Spotify," apprisk="medium"

See below 2 screenshots which have the override as blocks. Surely the IPv4 Policy "27" isn't meant to be action of "DENY"?

 

https://www.dropbox.com/s/1mlqf5g15kddmgi/spotify2.PNG?dl=0

https://www.dropbox.com/s/d0s0arkt5e4qeod/spotify3.PNG?dl=0

 

5106
0 Kudos
hubertzw
Contributor III
In response to jesse_fletcher

Created on ‎06-26-2019 03:34 AM

Yes, my mistake, the firewall policy action can be 'allow' of course. The one scenario I tested is like your one and in my case it works fine:

 

FortiOS v6.2.0 build0866 (GA)

 

config firewall policy
    edit 1
        set name "Full_Access"
        set uuid b11ac58c-791b-51e7-4600-12f829a689d9
        set srcintf "port3"
        set dstintf "port1"
        set srcaddr "LOCAL_SUBNET"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set fsso disable
        set application-list "spotify-test"
        set ssl-ssh-profile "custom-deep-inspection"
        set nat enable
    next
end
 

edit "spotify-test"
        set comment ''
        set replacemsg-group ''
        set extended-log disable
        set other-application-action pass
        set app-replacemsg enable
        set other-application-log enable
        set enforce-default-app-port disable
        set unknown-application-action pass
        set unknown-application-log disable
        unset p2p-black-list
        set deep-app-inspection enable
        set options allow-dns
        config entries
            edit 1
                set application 17405
                set action block
                set log enable
                set log-packet disable
                set rate-count 0
                set session-ttl 0
                set quarantine none
            next
 
 

 

5106
0 Kudos
YouAss
New Contributor

Created on ‎04-26-2023 05:05 AM

Hi! I just wonder how's it going now

4011
0 Kudos
michael5253
New Contributor

Created on ‎11-04-2024 02:19 PM

i wonder how's it going now

776
0 Kudos
markjohn235
New Contributor

Created on ‎01-24-2025 07:14 PM

It seems like you're running into an issue with the Application Control profile not blocking Spotify as expected, even though you've set up an override with a "Block" action. If the traffic is still showing as "pass," you might want to check a few things:

  1. Ensure the Override is Correct: Double-check that the override settings are properly configured and applied to the correct client policy.
  2. Look for Conflicting Rules: There might be another policy or rule elsewhere that could be allowing Spotify traffic to pass through.
  3. Log Review: Carefully review the logs to see if there are any other specific reasons or rules that could be impacting the override.

If you’re interested in enhancing your music streaming experience, you might want to explore SpotiePremium, where you can enjoy Spotify Premium features for free.

Hope that helps!

339
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.