Fortinet black logo

Administration Guide

Home FortiProxy 7.2.0 Administration Guide
7.2.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.0
7.0.17
7.0.0
2.0.0
1.2.0
1.1.0
1.0.0

Create or edit an application sensor

Create or edit an application sensor

To create an application sensor, click Create New.

Configure the following settings and then select OK:

Name

The name of the application sensor.

Comments

Optional description of the application sensor.

Categories

Select an action for All Categories or for each category of applications:

  • Monitor—This action allows the targeted traffic to continue on through the FortiProxy unit but logs the traffic for analysis.

  • Allow—This action allows the targeted traffic to continue on through the FortiProxy unit.

  • Block—This action prevents all traffic from reaching the application and logs all occurrences.

  • Quarantine—This action allows you to quarantine or block access to an application for a specified duration that can be entered in days, hours, and minutes. The default is 5 minutes.

You can also select View Signatures or View Cloud Signatures to see a list of signatures for some categories.

Network Protocol Enforcement

Enable and configure network services on certain ports and determine the violation action. SeeCreate or edit a default network service.

Protocol enforcement allows you to configure networking services (for example, FTP, HTTP, and HTTPS) on known ports (for example, 21, 80, or 43). For protocols that have not been added to the allowlist for certain ports, the IPS engine performs the violation action to block, allow, or monitor that traffic.

Application and Filter Overrides

Application overrides allow you to choose individual applications. To add an application override, see Add or edit an application override.

Filter overrides can be added based on behavior, application category, popularity, protocol, risk, technology, or vendor subtypes. To add a filter override, see Add or edit a filter override.

Allow and Log DNS Traffic

Enable to allow DNS traffic.

Block applications detected on non-default ports

For monitor and allow actions, applications are blocked if they are detected on nondefault ports (as defined in FortiGuard application signatures).

Block actions still block all traffic for the application, regardless of port.

QUIC

Select Allow if you want the FortiProxy unit to inspect Google Chrome packets for a QUIC header. Select Block to force Google Chrome to use HTTP2/TLS 1.2.

Replacement Messages for HTTP-based Applications

Enable to display replacement messages for HTTP-based applications.

View Application Signatures

Select to see a list of predefined application signatures. To create an application signature, see Create or edit an application signature.

API Preview

The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.
To use the API Preview:

  1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

  2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

  3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

  4. Click Close to leave the preview.

To edit an application sensor:

  1. From the application sensor list, select the sensor that you need to edit and then click Edit from the toolbar or double-click on the sensor name in the list. The Edit Application Sensor window opens.

  2. Edit the information as required and then select OK to save your changes.

Previous
Next

Create or edit an application sensor

To create an application sensor, click Create New.

Configure the following settings and then select OK:

Name

The name of the application sensor.

Comments

Optional description of the application sensor.

Categories

Select an action for All Categories or for each category of applications:

  • Monitor—This action allows the targeted traffic to continue on through the FortiProxy unit but logs the traffic for analysis.

  • Allow—This action allows the targeted traffic to continue on through the FortiProxy unit.

  • Block—This action prevents all traffic from reaching the application and logs all occurrences.

  • Quarantine—This action allows you to quarantine or block access to an application for a specified duration that can be entered in days, hours, and minutes. The default is 5 minutes.

You can also select View Signatures or View Cloud Signatures to see a list of signatures for some categories.

Network Protocol Enforcement

Enable and configure network services on certain ports and determine the violation action. SeeCreate or edit a default network service.

Protocol enforcement allows you to configure networking services (for example, FTP, HTTP, and HTTPS) on known ports (for example, 21, 80, or 43). For protocols that have not been added to the allowlist for certain ports, the IPS engine performs the violation action to block, allow, or monitor that traffic.

Application and Filter Overrides

Application overrides allow you to choose individual applications. To add an application override, see Add or edit an application override.

Filter overrides can be added based on behavior, application category, popularity, protocol, risk, technology, or vendor subtypes. To add a filter override, see Add or edit a filter override.

Allow and Log DNS Traffic

Enable to allow DNS traffic.

Block applications detected on non-default ports

For monitor and allow actions, applications are blocked if they are detected on nondefault ports (as defined in FortiGuard application signatures).

Block actions still block all traffic for the application, regardless of port.

QUIC

Select Allow if you want the FortiProxy unit to inspect Google Chrome packets for a QUIC header. Select Block to force Google Chrome to use HTTP2/TLS 1.2.

Replacement Messages for HTTP-based Applications

Enable to display replacement messages for HTTP-based applications.

View Application Signatures

Select to see a list of predefined application signatures. To create an application signature, see Create or edit an application signature.

API Preview

The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.
To use the API Preview:

  1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

  2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

  3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

  4. Click Close to leave the preview.

To edit an application sensor:

  1. From the application sensor list, select the sensor that you need to edit and then click Edit from the toolbar or double-click on the sensor name in the list. The Edit Application Sensor window opens.

  2. Edit the information as required and then select OK to save your changes.

Previous
Next