Unable to block imessage application signature in Fortigate

hyder · ‎03-16-2025

I'm trying to block iMessage for all iPhone users connecting to FortiAP. We tested both deep inspection and certificate inspection in proxy mode, but it didn’t work. None of the 2000 iPhone users have the Fortinet certificate installed. For testing, we installed FortiNet certificate in one test device, but iMessage was still not blocked.

How can we effectively block iMessage for all iPhone users?

dbhavsar · ‎03-17-2025

Hello @hyder ,

From Application Control profile have you tried blocking "Apple.Messages" ?

Reference: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-particular-application-using/...

DNB

hyder · ‎03-17-2025

Dear @dbhavsar ,

We have created the Application Control signature profile Students with 'apple.message' with a block filter, along with 128 other signatures, called within the firewall policy for the student VLAN, which includes certificate inspection. However, the 'apple.message' signature is not functioning as expected. What steps should we take next?"

dbhavsar · ‎03-17-2025

Hello @hyder ,

Have you tried deep packet inspection, and also what mode is configured on the policy [flow/proxy]. You can try creating a test policy and test using Deep packet inspection + Proxy mode and Deep packet inspection + Flow mode. Also what is the version of Fortigate you're using?

DNB

Unable to block imessage application signature in Fortigate

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website