Information
Ensure no category is set to 'Allow' on FortiGate Application Control.
Rationale:
Any category that is set as 'Allow' on Application Control will not be logged. This creates visibility gap on security investigation. This includes 'Unknown Applications' category.
Impact:
Visibility gap, affects incident forensics and response.
Solution
Review Application Control Security Profiles and validate that no 'Allow' action is set on any categories.
Default Value:
'Unknown Applications category is set as 'Allow'