Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiProxy 7.4.5 Administration Guide
    7.4.5
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.0
    7.0.19
    7.0.17
    7.0.0
    2.0.0
    1.2.0
    1.1.0
    1.0.0

    Create or edit an application sensor

    Create or edit an application sensor

    To create an application sensor, click Create New.

    Configure the following settings and then select OK:

    Name

    The name of the application sensor.

    Comments

    Optional description of the application sensor.

    Categories

    Select an action for All Categories or for each category of applications:

    • Monitor—This action allows the targeted traffic to continue on through the FortiProxy unit but logs the traffic for analysis.

    • Allow—This action allows the targeted traffic to continue on through the FortiProxy unit.

    • Block—This action prevents all traffic from reaching the application and logs all occurrences.

    • Quarantine—This action allows you to quarantine or block access to an application for a specified duration that can be entered in days, hours, and minutes. The default is 5 minutes.

    You can also select View Signatures or View Cloud Signatures to see a list of signatures for some categories.

    Network Protocol Enforcement

    Enable and configure network services on certain ports and determine the violation action. SeeCreate or edit a default network service.

    Protocol enforcement allows you to configure networking services (for example, FTP, HTTP, and HTTPS) on known ports (for example, 21, 80, or 43). For protocols that have not been added to the allowlist for certain ports, the IPS engine performs the violation action to block, allow, or monitor that traffic.

    Application and Filter Overrides

    Application overrides allow you to choose individual applications. To add an application override, see Add or edit an application override.

    Filter overrides can be added based on behavior, application category, popularity, protocol, risk, technology, or vendor subtypes. To add a filter override, see Add or edit a filter override.

    Allow and Log DNS Traffic

    Enable to allow DNS traffic.

    Block applications detected on non-default ports

    For monitor and allow actions, applications are blocked if they are detected on nondefault ports (as defined in FortiGuard application signatures).

    Block actions still block all traffic for the application, regardless of port.

    QUIC

    Select Allow if you want the FortiProxy unit to inspect Google Chrome packets for a QUIC header. Select Block to force Google Chrome to use HTTP2/TLS 1.2.

    Replacement Messages for HTTP-based Applications

    Enable to display replacement messages for HTTP-based applications.

    View Application Signatures

    Select to see a list of predefined application signatures. To create an application signature, see Create or edit an application signature.

    API Preview

    The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.
    To use the API Preview:

    1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

    2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

    3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

    4. Click Close to leave the preview.

    To edit an application sensor:

    1. From the application sensor list, select the sensor that you need to edit and then click Edit from the toolbar or double-click on the sensor name in the list. The Edit Application Sensor window opens.

    2. Edit the information as required and then select OK to save your changes.

    Previous
    Next

    Create or edit an application sensor

    Create or edit an application sensor

    To create an application sensor, click Create New.

    Configure the following settings and then select OK:

    Name

    The name of the application sensor.

    Comments

    Optional description of the application sensor.

    Categories

    Select an action for All Categories or for each category of applications:

    • Monitor—This action allows the targeted traffic to continue on through the FortiProxy unit but logs the traffic for analysis.

    • Allow—This action allows the targeted traffic to continue on through the FortiProxy unit.

    • Block—This action prevents all traffic from reaching the application and logs all occurrences.

    • Quarantine—This action allows you to quarantine or block access to an application for a specified duration that can be entered in days, hours, and minutes. The default is 5 minutes.

    You can also select View Signatures or View Cloud Signatures to see a list of signatures for some categories.

    Network Protocol Enforcement

    Enable and configure network services on certain ports and determine the violation action. SeeCreate or edit a default network service.

    Protocol enforcement allows you to configure networking services (for example, FTP, HTTP, and HTTPS) on known ports (for example, 21, 80, or 43). For protocols that have not been added to the allowlist for certain ports, the IPS engine performs the violation action to block, allow, or monitor that traffic.

    Application and Filter Overrides

    Application overrides allow you to choose individual applications. To add an application override, see Add or edit an application override.

    Filter overrides can be added based on behavior, application category, popularity, protocol, risk, technology, or vendor subtypes. To add a filter override, see Add or edit a filter override.

    Allow and Log DNS Traffic

    Enable to allow DNS traffic.

    Block applications detected on non-default ports

    For monitor and allow actions, applications are blocked if they are detected on nondefault ports (as defined in FortiGuard application signatures).

    Block actions still block all traffic for the application, regardless of port.

    QUIC

    Select Allow if you want the FortiProxy unit to inspect Google Chrome packets for a QUIC header. Select Block to force Google Chrome to use HTTP2/TLS 1.2.

    Replacement Messages for HTTP-based Applications

    Enable to display replacement messages for HTTP-based applications.

    View Application Signatures

    Select to see a list of predefined application signatures. To create an application signature, see Create or edit an application signature.

    API Preview

    The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.
    To use the API Preview:

    1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

    2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

    3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

    4. Click Close to leave the preview.

    To edit an application sensor:

    1. From the application sensor list, select the sensor that you need to edit and then click Edit from the toolbar or double-click on the sensor name in the list. The Edit Application Sensor window opens.

    2. Edit the information as required and then select OK to save your changes.

    Previous
    Next