Information
Ensure no category is set to 'Allow' on FortiGate Application Control.
Rationale:
Any category that is set as 'Allow' on Application Control will not be logged. This creates a visibility gap on security investigation. This includes 'Unknown Applications' category.
Impact:
Visibility gap, which affects incident forensics and response.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
On GUI:
1. Go to 'Security Profiles' > 'Application Control'.
2. Select the relevant App Control profile.
3. Change any categories with 'Allow' action to 'Monitor'.
Default Value:
'Unknown Applications' category is set as 'Allow'.