The UTM (application control) features have been very important, because they have solved many issues that other firewall providers have not developed as Fortinet has.
A clear example of this feature advantages is blocking and allowing the Google suite. For example, without UTM, we would not have been able to execute some customer requirements like this one:
A customer asked us that some host on their LAN is going to be assigned to be a POS workstation. They needed that workstation to have permissions to some applications and some URLs, and they needed to block users from opening sites like YouTube, Google+, and Google Drive, but they needed to get in to some POS URLs hosted in the Google cloud. We were working with rules allowing some specified URLs, but it didn’t work because the subnetting IP address the customer needed to be allowed, sometimes matched the YouTube service. Google support engineers told us they rotate their IP addressing subnets to be more secure and they do not always attach an IP address to a domain name. So, sometimes the customer’s workstations were able to open YouTube sites too.
The way we could block YouTube and allow the customer POS URLs sites, was by configuring an application control sensor, where we were able to block some categories like this:
Another requirement was to allow some specified applications, so we configured the next sensor structure:
Another customer reported to us they had issues working with Gmail attachment files; they could not do it. Executing some packet captures and with the Fortinet TAC help, we found they were using the latest Chrome versions that use the QUIC Google protocol, which is not supported by Fortinet because it is not a valid protocol. We proceeded to block the QUIC protocol using an application control sensor.
After this blocking action, the customer was able to work without any issue.