Cookbook

Home FortiGate / FortiOS 6.2.2 Cookbook

6.2.2

Basic category filters and overrides

Once you have created an application sensor, you can define the applications that you want to control. You can add applications and filters using categories, application overrides, and/or filter overrides.

Categories: Choose groups of signatures based on a category type.
Application overrides: Choose individual applications.
Filter overrides: Select groups of applications and override the application signature settings for them.

Application and filter overrides

Override type	Setting
Application	Type: Choose Application for application overrides.
	Action: Can be set to Monitor/Allow/Block/Quarantine.
	Application: Multiple app signatures can be added for one entry. A slide-in presenting an application list will be shown to select specific app signatures, and the search box can be used to filter matched signatures.
Filter	Type: Choose Filter for filter overrides.
	Action: Can be set to Monitor/Allow/Block/Quarantine.
	Filter: Filters can be selected by behavior, application category, technology, popularity, protocol, risk, or vendor subtypes.
	Search box: Can be used to determine if the input signature is included in selected filters, where matched applications are shown at the bottom.

To set overrides in the CLI:

config application list
    edit {id}
        config entries
            edit 1
                set protocols <0-47>    #network protocol ID
                set risk <id>
                    *level    Risk of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical).
                set vendor <0-25>       #vendor ID
                set technology <id>
                    All          All
                    0            Network-Protocol
                    1            Browser-Based
                    2            Client-Server
                    4            Peer-to-Peer
                set behavior <id>
                    All          All
                    2            Botnet
                    3            Evasive
                    5            Excessive-Bandwidth
                    6            Tunneling
                    9            Cloud
                set popularity <1-5>    #Popularity level 1-5
                set action {pass | block | reset}
                    pass     Pass or allow matching traffic.
                    block    Block or drop matching traffic.
                    reset    Reset sessions for matching traffic.
                set log {enable | disable}
            next
        end
    next
end

To set overrides in the GUI:

Go to Security Profiles > Application Control.
Under the Application and Filter Overrides table, click Create New.
To add individual applications:
1. Select Application as the Type.
2. Choose an action to be associated with the application.
3. Click the + button in the Application field and choose the specific applications from the list where app signatures are displayed. Multiple applications may be selected.
4. Click OK.
To add advanced filters:
1. Create another entry in the Application and Filter Overrides table.
2. Select Filter as the Type.
3. Select Cloud under the behavior section from the Select Entries list.
  Matched signatures are shown along the bottom.
4. Click OK.

Basic category filters and overrides

Categories: Choose groups of signatures based on a category type.
Application overrides: Choose individual applications.
Filter overrides: Select groups of applications and override the application signature settings for them.

Application and filter overrides

Override type	Setting
Application	Type: Choose Application for application overrides.
	Action: Can be set to Monitor/Allow/Block/Quarantine.
	Application: Multiple app signatures can be added for one entry. A slide-in presenting an application list will be shown to select specific app signatures, and the search box can be used to filter matched signatures.
Filter	Type: Choose Filter for filter overrides.
	Action: Can be set to Monitor/Allow/Block/Quarantine.
	Filter: Filters can be selected by behavior, application category, technology, popularity, protocol, risk, or vendor subtypes.
	Search box: Can be used to determine if the input signature is included in selected filters, where matched applications are shown at the bottom.

To set overrides in the CLI:

config application list
    edit {id}
        config entries
            edit 1
                set protocols <0-47>    #network protocol ID
                set risk <id>
                    *level    Risk of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical).
                set vendor <0-25>       #vendor ID
                set technology <id>
                    All          All
                    0            Network-Protocol
                    1            Browser-Based
                    2            Client-Server
                    4            Peer-to-Peer
                set behavior <id>
                    All          All
                    2            Botnet
                    3            Evasive
                    5            Excessive-Bandwidth
                    6            Tunneling
                    9            Cloud
                set popularity <1-5>    #Popularity level 1-5
                set action {pass | block | reset}
                    pass     Pass or allow matching traffic.
                    block    Block or drop matching traffic.
                    reset    Reset sessions for matching traffic.
                set log {enable | disable}
            next
        end
    next
end

To set overrides in the GUI:

Go to Security Profiles > Application Control.
Under the Application and Filter Overrides table, click Create New.
To add individual applications:
1. Select Application as the Type.
2. Choose an action to be associated with the application.
3. Click the + button in the Application field and choose the specific applications from the list where app signatures are displayed. Multiple applications may be selected.
4. Click OK.
To add advanced filters:
1. Create another entry in the Application and Filter Overrides table.
2. Select Filter as the Type.
3. Select Cloud under the behavior section from the Select Entries list.
  Matched signatures are shown along the bottom.
4. Click OK.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Cookbook

Basic category filters and overrides

Basic category filters and overrides

Categories

To set category filters in the CLI:

To set category filters in the GUI:

Application and filter overrides

To set overrides in the CLI:

To set overrides in the GUI:

Basic category filters and overrides

Basic category filters and overrides

Categories

To set category filters in the CLI:

To set category filters in the GUI: