Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MD1
New Contributor

about Application and filter overrides

Hi

I blocked Remote Access category in Application Control, then added and allow (RDP) in application and filter overrides, but (RDP) not work ! any suggestions please.

 

thanks

5 REPLIES 5
Anthony_E
Community Manager
Community Manager

Hello MD1,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Anthony-Fortinet Community Team.
MD1
New Contributor

I appreciate that.

Thank you.

sjoshi
Staff
Staff

Dear MD1,

 

Thank you for posting to the Fortinet Community Forum.

 

Problem Description:-
You have blocked Remote Access category in Application Control but have allowed RDP application in application filter override but it is not working

 

I have attached a snapshot of app control configuration to meet your requirement. Please check whether you have configure the same way. Please share me the snapshot of your app control configuration.

Capture.PNG

 

Please check the same app control has been implemented in the policy.
Also please share the logs of app control where it is blocking RDP.

 

Let us know if this helps.

 

Thanks

Salon Raj Joshi
MD1
New Contributor

Thank you for you effort. I make all categories allowed but same issue!

And I checked logs and I found the action is : TCP reset from client!

 

vponmuniraj
Staff
Staff

Hi, 

 

Check the order of the rules in the cli and move the entry to whitelist RDP to the top. 

 

For example, the entries should be similar to the below: 

config application list
edit "RDP_allow"
set other-application-log enable
config entries
edit 1
set application 15511
set action pass
set log disable
next
edit 2
set category 2 6 7
next
end
next
end

 

Regards,

Vignesh
Labels
Top Kudoed Authors