Description
This article explains how to create an Application Sensor or add Application Control signatures through CLI or SSH login.
Scope
FortiGate.
Solution
- Create the Application Sensor:
FGT # config application list
FGT (list) # edit app_ctrl_name
new entry 'app_ctrl_name' added
- Enable logging for all applications
FGT (app_ctrl_name) # set other-application-log enable
- Configure the entries to be inspected
FGT (app_ctrl_name) # config entries
FGT (entries) # edit 1 ----> Categories will be set up in this entry)
new entry '1' added
FGT (1) # set category ? ----> ? shows the category ID, in this example category Proxy ID 6 will be selected
ID Select Category ID*
2 P2P
6 Proxy
7 Remote.Access
*
FGT (1) # set category 6
FGT (1) # set action block ----> Set the action Block/Pass, the default is block
FGT (1) # next
FGT (entries) # edit 2 ----> In this entry specific applications will be configured, for example Facebook.
new entry '2' added
FGT (2) # set application ?
ID Select application ID
*
15832 Facebook
23813 Facebook_AppName
17735 Facebook_Apps
29210 Facebook_Like.Button
40934 Facebook_Messenger.Image.Transfer
40935 Facebook_Messenger.Video.Transfer
40933 Facebook_Messenger.VoIP.Call39381 Facebook_Messenger.Voice.Message
43448 Facebook_Personal
22922 Facebook_Plugins
35523 Facebook_Search
17399 Facebook_Video.Play
43449 Facebook_Workplace
*
FGT (2) # set application 15832 23813 23813 17735 17735 29210 29210 40934 40935 40933 39381 43448 22922 35523 17399 43449 ----> Select the application ID.
FGT (2) # set action block
FGT (2) # next
FGT (entries) # end
FGT (app_ctrl_name) # next
FGT (list) # end
The configuration would be as per below:
config application lis
edit "app_ctrl_name"
set other-application-log enable
config entries
edit 1
set category 6
next
edit 2
set application 15832 23813 17735 29210 40934 40935 40933 39381 43448 22922 35523 17399 43449
next
end
next
end
