Sean_Whalen
New Contributor II

"Failed to save changes" when creating a custom application signature

I'm trying to create a new application signature for the game Fallout 76, which uses the UDP port 3000:

F-SBID( --name "game.fallout76"; --protocol udp; --dest_port=3000;)

But I get an error saying "Failed to save changes" when I click OK. Why?

tanr
Valued Contributor II

Is it supposed to be dst_port, not dest_port?

ede_pfau
Esteemed Contributor III

It's 'dst-port'.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Sean_Whalen

Oops. It should be dst_port, but even after changing that, it still gives the same error.

ede_pfau
Esteemed Contributor III

OK, I've got it working.

First, the option "attack_id" is needed. Value between 1000 and 9999.

Then, I masked the quotation marks in the name (as per CLI).

Then, it must be "--dst_port 3000", that is, no equal sign between option and value.

So,

config ips custom
    edit "test"
        set signature "F-SBID( --attack_id 1666; --name \"game.fallout76\"; --protocol udp; --dst_port 3000;)"
        set comment ''
    next
end

How did I find out?

diag debug enable
diag debug cli 7

Then, enter the lines and type "next". Syntax check is done at this moment.

For example,

Error:
Line 1 offset 68 option "dst_port=3000" value ""
protocol udp; --dst_port=3000;)
unknown option:dst_port=3000
parse custom rule error
object set operator error, -2 discard the setting
Command fail. Return code 1


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Sean_Whalen

It's not an IPS rule though, it needs to be a custom application control rule.

Sean_Whalen

I figured it out :)


config application custom
    edit "Fallout 76"
        set comment ''
        set signature "F-SBID(--name \"game.fallout76\"; --protocol udp; --dst_port 3000:3001;)"
        set category 8
        set protocol UDP
        set technology Client-Server
        set vendor Other
    next
end
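
The syntax points raised in this thread (no "=" between option and value, attack_id between 1000 and 9999, quotation marks masked for the CLI) can be checked before pasting a signature into the device. The following Python sketch is an added example, not code from the posters or from Fortinet; the function names lint_fsbid and cli_set_line are hypothetical, and it does not validate option names such as dst_port because the full option list is not given on this page.

```python
import re

def lint_fsbid(sig):
    """Return (options, problems) for a raw F-SBID signature string."""
    options, problems = [], []
    m = re.fullmatch(r"\s*F-SBID\(\s*(.*?)\s*\)\s*", sig, re.S)
    if not m:
        return options, ["signature is not wrapped in F-SBID( ... )"]
    body = m.group(1)
    if body and not body.endswith(";"):
        problems.append("last option is not terminated with ';'")
    # Split on ';' but keep semicolons that sit inside a quoted value.
    for raw in re.findall(r'(?:[^;"]|"[^"]*")+', body):
        raw = raw.strip()
        if not raw:
            continue
        if not raw.startswith("--"):
            problems.append(f"option {raw!r} does not start with '--'")
            continue
        name, _, value = raw[2:].partition(" ")
        value = value.strip()
        if "=" in name:
            # The mistake from the thread: --dst_port=3000 instead of --dst_port 3000
            fixed = name.replace("=", " ", 1)
            problems.append(f"'--{name}': use a space, not '=' (--{fixed})")
            name, _, value = name.partition("=")
        if name == "attack_id" and not (value.isdigit() and 1000 <= int(value) <= 9999):
            # Range as stated in the reply above (assumption: taken from the thread).
            problems.append("attack_id must be between 1000 and 9999")
        options.append((name, value))
    return options, problems

def cli_set_line(sig):
    r"""Build the 'set signature' line with inner quotes masked as \" for the CLI."""
    return 'set signature "' + sig.replace('"', '\\"') + '"'

if __name__ == "__main__":
    # Signatures copied from the posts in this thread.
    samples = [
        'F-SBID( --name "game.fallout76"; --protocol udp; --dest_port=3000;)',
        'F-SBID(--name "game.fallout76"; --protocol udp; --dst_port 3000:3001;)',
    ]
    for s in samples:
        opts, probs = lint_fsbid(s)
        print(cli_set_line(s))
        print("  problems:", probs or "none")
```
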

 
