Hot!Proxy Policy to filter different User-Agents?

Author
thrillseeker
New Member
  • Total Posts : 20
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/10/24 08:39:28
  • Status: offline
2018/11/23 06:40:48 (permalink)
0

Proxy Policy to filter different User-Agents?

Hi all,
 
Is there a way to filter on FGT 5.6.x inside a proxy policy by custom User-Agent?
I know there are some specific proxy-source  objects which can be configured with some User-Agents (e.g. Internet Explorer in drop-down list).
 
In my case I need to filter for a custom User-Agent.
I know it's possible to build customer application signatures but unfortuantely I couldn't find any information on how to build such customer signatures. Is it like SNORT syntax?
 
In the logs I see that FGT recognizes the User-Agent correctly, so probably there should also be a way to use that information for proxy rules?!
 
Thanks for feedback
Cheers Thrillseeker 
#1

1 Reply Related Threads

    emnoc
    Expert Member
    • Total Posts : 5082
    • Scores: 311
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Proxy Policy to filter different User-Agents? 2018/11/24 01:31:37 (permalink)
    0
    I wrote article many years back on my custom  UA signature. For HTTPS website you need decryption in order to use the  signature for the obvious reasons and how much of a DPI  resource  hit for decryption and  UA inspection are ?s that you would need to take into considerations
     
    http://socpuppet.blogspot.com/2014/06/using-fortigate-firewall-to-find-and.html
     
    To answer the 1st part,  I never seen a predefined  UA list  but really haven't  did a lot of  UA filter in a proxy. 
     
    Ken Felix

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #2
    Jump to:
    © 2018 APG vNext Commercial Version 5.5