Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hyder
New Contributor

Unable to block imessage application signature in Fortigate

I'm trying to block iMessage for all iPhone users connecting to FortiAP. We tested both deep inspection and certificate inspection in proxy mode, but it didn’t work. None of the 2000 iPhone users have the Fortinet certificate installed. For testing, we installed FortiNet certificate in one test device, but iMessage was still not blocked.

How can we effectively block iMessage for all iPhone users?

3 REPLIES 3
dbhavsar
Staff
Staff

Hello @hyder ,

 

From Application Control profile have you tried blocking "Apple.Messages" ?

Reference: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-particular-application-using/...

DNB
hyder
New Contributor

Dear @dbhavsar ,

 

We have created the Application Control signature profile Students with 'apple.message' with a block filter, along with 128 other signatures, called within the firewall policy for the student VLAN, which includes certificate inspection. However, the 'apple.message' signature is not functioning as expected. What steps should we take next?"

dbhavsar
Staff
Staff

Hello @hyder ,

Have you tried deep packet inspection, and also what mode is configured on the policy [flow/proxy]. You can try creating a test policy and test using Deep packet inspection + Proxy mode and Deep packet inspection + Flow mode. Also what is the version of Fortigate you're using? 

DNB
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors