Hot!Proxy Policy to filter different User-Agents?

New Member
  • Total Posts : 20
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/10/24 08:39:28
  • Status: offline
2018/11/23 06:40:48 (permalink)

Proxy Policy to filter different User-Agents?

Hi all,
Is there a way to filter on FGT 5.6.x inside a proxy policy by custom User-Agent?
I know there are some specific proxy-source  objects which can be configured with some User-Agents (e.g. Internet Explorer in drop-down list).
In my case I need to filter for a custom User-Agent.
I know it's possible to build customer application signatures but unfortuantely I couldn't find any information on how to build such customer signatures. Is it like SNORT syntax?
In the logs I see that FGT recognizes the User-Agent correctly, so probably there should also be a way to use that information for proxy rules?!
Thanks for feedback
Cheers Thrillseeker 

1 Reply Related Threads

    Expert Member
    • Total Posts : 5082
    • Scores: 311
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Proxy Policy to filter different User-Agents? 2018/11/24 01:31:37 (permalink)
    I wrote article many years back on my custom  UA signature. For HTTPS website you need decryption in order to use the  signature for the obvious reasons and how much of a DPI  resource  hit for decryption and  UA inspection are ?s that you would need to take into considerations

    To answer the 1st part,  I never seen a predefined  UA list  but really haven't  did a lot of  UA filter in a proxy. 
    Ken Felix

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    Jump to:
    © 2018 APG vNext Commercial Version 5.5