Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sebastan_bach
New Contributor

application control is broken in 5.6 in Policy mode

Hi, 

 

We are seeing a strange issue using application control on our Fortigate running 5.6 in the new policy mode. 

Rule-1 Allow - Service - DNS

Rule 2 Allow - Service - HTTPS - Application -Youtube

Rule-3 Allow - Service - HTTPS - Application - Facebook

Rule-4 Allow - Service - HTTP/HTTPS - Application - HTTP.Browser/HTTPS.Browser

 

We are able to access Youtube and Facebook but we are not able to surf any other websites. Even though the logs say that traffic is matched by by Rule-4. We moved Rule-4 to the top below the DNS rule to find out that HTTPS websites work but not the HTTP websites. 

 

I modified the rule as below to isolate the problem

 

Rule-4 Allow - Service - HTTP - Application - HTTP.Browser. This rule would be matched by Fortinet seen the logs but no HTTP websites would work. I modified the application from HTTP.Browser to FireFox.Browser or Chrome.Browser only then HTTP websites were accessible. Looks like the HTTP.Browser application is broken and does not work. 

 

So now I moved the rule below the stack as before but with application Firefox.Browser and HTTPS.Browser. But unfortunately we are seeing the same results. Again if we move this rule top in the stack we are able to access http and https websites. 

 

Can someone please correct me where I am going wrong. I don't think there is anything wrong with the rule logic. 

 

Sebastan

3 REPLIES 3
bommi
Contributor III

Hi,

 

in my private installation I use this applications combined in one policy:

 

HTTP.Browser

HTTPS.Browser

FireFox.Browser

Chrome.Browser

 

Could you try if it starts working for you as well?

 

Regards

bommi

NSE 4/5/7

NSE 4/5/7
sebastan_bach

Hi Bommi, 

 

Can you please elaborate. Did you replicate my rulebase? in which rule did you add all the applications in single rule. 

 

please share your results. 

 

Sebastan

sebastan_bach

has anyone got this working yet.

 

Sebastan

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors