Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mikt
New Contributor

Using application control for incoming rules

Hello,

it may just be a silly question - but can i or i can i not use application control for incoming policies?

 

my rule is:

all (Wan) -> Server (DMZ) > always > all > HTTPS.Browser

and thought it will block all access but HTTPS request. 

A look in the log tells shows me that everything is accepted.

 

Why is it like that? Why are non https requests are not blocked?

 

Thanks 

2 REPLIES 2
Dave_Hall
Honored Contributor

Application Control is mainly used to control/restrict access to applications by your internal users, usually meaning it is applied to a firewall rule governing traffic from internal (lan) going out (WAN).

 

If you have an internal web server on the DMZ, it might already be or what you want is setup similar to what is outlined in this link http://cookbook.fortinet....eb-server-with-dmz-54/

 

But to help us to better understand what you are trying to do is describe your network and server setup.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Nicholas_Doropoulos
Contributor

It's probably worth looking at implementing WAF if it's a public-facing server you want to protect.

NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3

NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors