The unusually high number of unknown applications by category in the daily report for application usage can be attributed to the following reasons:
Certificate Inspection is not being used to scan application traffic:
Without certificate inspection, encrypted traffic cannot be adequately analyzed, leading to a higher number of unknown applications.
Certificate inspection allows FortiSASE to decrypt and inspect HTTPS traffic, identifying applications correctly.
Deep Inspection is not being used to scan traffic:
Deep inspection goes beyond basic traffic analysis, performing thorough examination of packet contents to identify applications accurately.
If deep inspection is not enabled, many applications may go unrecognized and be categorized as unknown.