Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jesse_fletcher
New Contributor

Created on ‎06-19-2019 06:19 PM

Spotify block through override not taking effect

I'm having an odd issue with Application Control (Blocking Spotify) on an outgoing client policy on 6.2. Wondering if anyone would have any insight to what I may be missing?

The application control profile has Spotify added as an override with Block as the action. When I check the logs and filter Spotify it appears with pass as the action.

I've confirmed through these records that it is the correct policy which has the profile with the override in it that is being applied to that traffic.

Is there anything else in the app control profile that needs to be done other than adding the override block in order for that to work?

 

Screenshots linked below. Thanks.

 

https://www.dropbox.com/s/nomrodlithgsvnf/spotify1.PNG?dl=0

https://www.dropbox.com/s/1mlqf5g15kddmgi/spotify2.PNG?dl=0

https://www.dropbox.com/s/d0s0arkt5e4qeod/spotify3.PNG?dl=0

https://www.dropbox.com/s/hjgz9ml98ipzerb/spotify4.PNG?dl=0

Labels:
19801
0 Kudos
15 REPLIES 15
hubertzw
Contributor III

Created on ‎06-19-2019 10:25 PM

Can you see in the logs the correct profile name (Application Control)?

9914
0 Kudos
jesse_fletcher
New Contributor
In response to hubertzw

Created on ‎06-20-2019 05:42 PM

It appears that the Application Control Sensor appearing under the log details is "default" which doesn't match the "default-block-spotify" profile which has been created. Any reason why this profile would be showing even though the other is assigned to the policy which the traffic is passing through? The correct policy #27 is showing in the log detials which has the "default-block-spotify" profile attached. Screenshots below.

 

https://www.dropbox.com/s/uqsgy5q12kwkl0p/spotify5.PNG?dl=0

https://www.dropbox.com/s/v7g4q3h27o5yjxq/spotify6.PNG?dl=0

 

 

 

9914
0 Kudos
hubertzw
Contributor III
In response to jesse_fletcher

Created on ‎06-21-2019 09:50 AM

Yes, it doesn't make sense. Can you show the policy ID 27 configuration?

9914
0 Kudos
jesse_fletcher
New Contributor
In response to hubertzw

Created on ‎06-23-2019 05:29 PM

See policy 27 config screenshots below.

 

 

https://www.dropbox.com/s/c5xquislvitwshk/spotify7.PNG?dl=0

https://www.dropbox.com/s/0ty9raiwf502xgp/spotify8.PNG?dl=0

 

9914
0 Kudos
hubertzw
Contributor III
In response to jesse_fletcher

Created on ‎06-24-2019 11:53 PM

You need the policy with Application Control with action 'block'. I see your policy 27 has action 'pass'.

 

I just test it and it works fine on 6.2:

 

date=2019-06-24 time=23:46:49 logid="1059028705" type="utm" subtype="app-ctrl" eventtype="app-ctrl-all" level="warning" vd="root" eventtime=1561445209 appid=17405 srcip=10.0.1.10 dstip=104.154.127.47 srcport=49642 dstport=443 srcintf="port3" srcintfrole="undefined" dstintf="port1" dstintfrole="undefined" proto=6 service="HTTPS" direction="outgoing" policyid=1 sessionid=1917 applist="spotify-test" appcat="Video/Audio" app="Spotify" action="block" hostname="www.spotify.com" incidentserialno=1399263240 url="/" msg="Video/Audio: Spotify," apprisk="medium"

9914
0 Kudos
jorge_americo
Contributor
In response to hubertzw

Created on ‎06-25-2019 06:22 AM

 

Try removing the override. and block the category. This test is just to see if it can be some problem in the override.

NSE-4

NSE-4
9917
0 Kudos
jesse_fletcher
New Contributor
In response to jorge_americo

Created on ‎06-25-2019 05:28 PM

jorge.americo wrote:

 

Try removing the override. and block the category. This test is just to see if it can be some problem in the override.

 

Tried this and the same thing occurs, log entry shows Spotify entry with pass and the policy with ID 27. It also shows under the log details the Application Control with the sensor with name "Default" which is not what is assigned to policy 27. I've disabled app control on the policy and re-enabled to test and the same thing occurs. The wrong app control sensor is assigned to the policy 27.

9917
0 Kudos
jorge_americo
Contributor
In response to jesse_fletcher

Created on ‎06-25-2019 05:51 PM

ok. now I see a thing. try without webfilter option.

NSE-4

NSE-4
9917
0 Kudos
jesse_fletcher
New Contributor
In response to jorge_americo

Created on ‎06-25-2019 06:52 PM

No difference after disabling web filter on policy 27.

9917
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.