- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
applications not resolved
hi folks, running on FGT 90D ver 5.2.1 under System>All Sessions under Application Column why its not resolving? Any guess how to fix this one? Kindly see the attached image. thanks
Fortigate Newbie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
you need to verify 2 things.
1) You need to have application control sensor enabled with logging on the firewall policy allowing outbound traffic. This will log the correct application names config application list edit <sensor name> set extended-utm-log enable set unknown-application-action <pass|block> end
2) check the log Severity
# config log <memory/disk> filter # set severity information # end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
wahtever you do meaning base on logging absolut prerequisit is a full log config with all aspects. This meas acutally following positions are responsible for resolving ip/host/apps:
5.0
# config log setting
# set resolve-apps enable # set resolve-hosts enable # set resolve-ip enable
5.2
# config log setting
# set resolve-ip enable # set resolve-port enable
# config log gui-display # set location [Gebe an forticloud | memory | disk | fortianalyzer | syslogd] # set resolve-hosts [enable | disable] # set resolve-apps [enable | disable]
This means look at following entry here in this forum which shows for 5.0/5.2 a full config of log. Go through this config and you will see there is more as only a option behind logging :) Please keep in mind that the DNS server used to resolve host and Ip are importante this means internal host can only be resolved within logging if a suitable DNS server is used on the FortiGate System DNS config. I think you understand what I mean:
https://forum.fortinet.com/tm.aspx?m=114371
have fun....
Andrea
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
It might be torrent peers.
Regards
Bikash
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Does this happening with all the applications.
Simply try nslookup <ip> and see if you getting any fqdn associated with that.If not then this is correct behaviour.
Regards,
Sushil