Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
N_W
New Contributor II

Created on ‎03-15-2024 12:02 AM

Forti Rule and Application İssue

Hello, I have a FortiGate device running on version 7.2.7 in proxy-based mode. I noticed that despite some users having WhatsApp allowed in their respective policies, they are unable to perform file transfers intermittently. While some users can occasionally perform transfers, others cannot, even though they are subject to the same policy. Upon reviewing logs, I observed that some users get stuck at the "File_Transfer" stage while others do not, despite being under the same rule. This situation has left me confused, and I would appreciate your insights. Thank you.

whatsapp-rule.PNG

whatsapp-log-allow.PNG

whatsapp-log-deny.PNG

whatsapp.PNG

    

Labels:
245
0 Kudos
5 REPLIES 5
ozkanaltas
Contributor III

Created on ‎03-15-2024 12:29 AM Edited on ‎03-15-2024 12:32 AM

Hello @N_W ,

 

Can you add the signature "WhatsApp_Web_File.Upload" and "WhatsApp_File.Transfer" to your app control profile? In my opinion, sometimes FortiGate misses some package about upload. Because of that, some users can send files via WhatsApp some users can't.

 

I think it will work once you do this.

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
230
0 Kudos
N_W
New Contributor II
In response to ozkanaltas

Created on ‎03-15-2024 12:35 AM

Hello, thank you for getting back. Since I'm using NGFW MODE: Proxy-based, I don't have Application Control in my Security Profile. So, when writing rules, only the Application comes under the Service, and unfortunately, nothing other than WhatsApp and WhatsApp_Web appears there. Just to let you know. Have a good day

whatsapp-----.PNG

222
0 Kudos
ozkanaltas
Contributor III
In response to N_W

Created on ‎03-15-2024 01:44 AM Edited on ‎03-15-2024 01:45 AM

Hello @N_W

 

You are right, cannot add these signatures directly to the policy. But you can create an application group in the "Policy&Object->Application" menu with these signatures. 

 

image.png

 

After that configuration, you can use this group in the policy. 

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
210
0 Kudos
N_W
New Contributor II
In response to ozkanaltas

Created on ‎03-15-2024 02:00 AM

Thank you very much for your interest and attention. I followed your advice as you suggested. Now, I am awaiting the results. However, I have a question regarding WhatsApp file uploads. It requires SSL deep inspection, but the security profiles section doesn't have the deep inspection option. Moreover, since end users connect via their phones, even if there were such an option, I wouldn't be able to install the certificate on their devices. I considered implementing DNS filtering, but I suspect that might not suffice. Perhaps I'm missing some crucial information. Thank you for your response and for dedicating your valuable time. Regards.

203
0 Kudos
ozkanaltas
Contributor III
In response to N_W

Created on ‎03-15-2024 02:25 AM

Hello @N_W ,

 

You're welcome I hope I solved your problem.

 

In NGFW policy mode, you can configure ssl-inspection rule in "Policy&Object -> SSL-Inspection & Authentication" menu.

 

But if your client just connects with a mobile phone. You don't need to configure ssl-inspection. SSL inspection is just required for WhatsApp Web.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
199
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.