FortiGate
Abin_FTNT
Staff
Article Id 196780

Description

When application control and a web filter in proxy mode are applied in the same firewall policy, no replacement message is generated for application control.

Application control works only in flow-based mode, while the web filter can be proxy-based or flow-based. When the web filter is proxy-based, the proxy performs SSL inspection and the decoded data is sent to IPS for application control.


Solution

Configure the web filter as flow-based instead of proxy-based. When the web filter is flow-based, together with AppCtrl, traffic is processed inside the IPS engine, including SSL inspection.

config webfilter profile
    edit <profile name>
        set inspection-mode flow-based
    next
end
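
To find the policies affected by this behavior in a configuration backup, the following added example (not part of the original article and not Fortinet code) lists firewall policies that combine application control with a web filter profile that is not flow-based. It assumes the policy settings are named application-list and webfilter-profile, and that a profile without an explicit "set inspection-mode flow-based" line is proxy-based; the sample configuration is constructed.

```python
# Constructed sample of a FortiGate configuration backup (not from the article).
SAMPLE_CONFIG = """
config webfilter profile
    edit "wf-proxy"
        set inspection-mode proxy
    next
    edit "wf-flow"
        set inspection-mode flow-based
    next
end
config firewall policy
    edit 1
        set application-list "app-default"
        set webfilter-profile "wf-proxy"
    next
    edit 2
        set application-list "app-default"
        set webfilter-profile "wf-flow"
    next
end
"""

def parse_table(config, table):
    """Return {entry name: {setting: value}} for one top-level 'config <table>' block."""
    entries, current, depth, inside = {}, None, 0, False
    for line in map(str.strip, config.splitlines()):
        if not inside:
            inside = line == "config " + table
        elif line.startswith("config "):
            depth += 1  # nested sub-table inside an entry: its lines are skipped
        elif line == "end":
            if depth == 0:
                break
            depth -= 1
        elif depth == 0 and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif depth == 0 and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip('"')
    return entries

def policies_to_review(config):
    """Policy IDs that use application control with a web filter that is not flow-based."""
    profiles = parse_table(config, "webfilter profile")
    def is_flow(name):
        # Assumption: no explicit 'flow-based' value means the profile is proxy-based.
        return profiles.get(name, {}).get("inspection-mode") == "flow-based"
    return [pid for pid, s in parse_table(config, "firewall policy").items()
            if "application-list" in s and "webfilter-profile" in s
            and not is_flow(s["webfilter-profile"])]
```

For the constructed sample, policies_to_review(SAMPLE_CONFIG) returns only policy 1, the one that pairs application control with the proxy-based profile.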

 
