Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
wamendoza
New Contributor III

Created on ‎03-21-2022 01:46 PM

Webfilter & App Control DONT's WORK :'(

I have a problem with the webfilter and app control of my Fortigate60E

 

I am blocking EVERYTHING that is remote access and it is not working, which it is but if I go to Log&Report>FowardTraffic absolutely NOTHING is reflected in "Application Name", which makes me assume that my traffic passes without SSL inspection.

 

I'm using a basic Monitoring setup profiel on App Control and Webfilter, and it doesn't work either, I don't really see anything.

 

What's going on?

app.JPGwebfil.JPGav.JPGpolicy.JPG

fowartraffic.JPG

Labels:
2877
0 Kudos
1 Solution
wamendoza
New Contributor III
In response to jhussain_FTNT

Created on ‎03-24-2022 05:26 AM

yes, that's right, there was a crash related to ipsengine process so the restart of the ips engine was carried out using the CLI

 

 " diagnose test application ipsengine 99".

 

Thanks for all your time Sir. :)

 

 

View solution in original post

2762
0 Kudos
4 REPLIES 4
jhussain_FTNT
Staff
Staff

Created on ‎03-22-2022 12:57 AM

You need to configure the policy with deep inspection .When using SSL Certificate Inspection, the SSL Handshake is not interrupted, but the FortiGate reads the CN part of the certificate. This CN part, has the URL for the certificate was signed to. This way, the FortiGate has an URL to check into its categories database. But the TLS/SSL content is not read in any way.

When you use deep inspection, the FortiGate impersonates the recipient of the originating SSL session, then decrypts and inspects the content to find threats and block them. It then re-encrypts the content and sends it to the real recipient.

 

Kindly refer the below document

https://community.fortinet.com/t5/FortiGate/Technical-Note-Differences-between-SSL-Certificate-Inspe...

 

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/122078/deep-inspection

2806
0 Kudos
wamendoza
New Contributor III

Created on ‎03-23-2022 10:14 AM

Hi

After reviewing traffic flow diagram a bit and understanding that the IPS ENGINE encompasses all the traffic inspection(app control, webfilter, av, etc) , i realized that the ipsengine was not running in the "dig sys top",

 

fortia.JPG

 

so the restart was carried out through the CLI of ips process via " diagnose test application ipsengine 99".

 

Now you can see the inspection of packets through FG.

ftlog.JPG

 

I was also able to notice that there was a crash:

273: 2022-01-24 10:51:29 ipsengine 07.000.044 crashed 3 times. The latest crash was at 2022-01-24

 

 

2753
0 Kudos
jhussain_FTNT
Staff
Staff
In response to wamendoza

Created on ‎03-24-2022 01:17 AM

Hi,

The IPS crash log date was in month of Jan ( 2022-01-24  ). Are you noticing the same crashlog currently also.

2736
wamendoza
New Contributor III
In response to jhussain_FTNT

Created on ‎03-24-2022 05:26 AM

yes, that's right, there was a crash related to ipsengine process so the restart of the ips engine was carried out using the CLI

 

 " diagnose test application ipsengine 99".

 

Thanks for all your time Sir. :)

 

 

2763
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.