Generative AI is already on your network whether you have approved it or not. Staff paste data into ChatGPT, developers wire up AI agents, and most of it travels inside ordinary encrypted traffic where traditional controls never see it. FortiGate Application Control, powered by FortiGuard, gives you a practical way to see and govern that activity, so AI becomes something you manage rather than something you hope is going well. Here is how it works and how to turn it on.
Recent Fortinet research found that only 15% of organizations feel confident in the security posture of their GenAI-integrated apps, and just 12% feel ready for AI-generated attacks, even as the majority report a rise in AI-assisted threats. The gap is visibility. You cannot apply an acceptable-use policy to a tool you cannot detect, and you cannot prove compliance for AI usage you are not logging.
FortiGuard maintains a dedicated GenAI application category within FortiGate security profiles. By enabling that category in an application control profile, your FortiGate can recognize generative AI services such as ChatGPT and monitor or restrict their use. With deep packet inspection enabled, the firewall gains visibility into AI-related activity and writes detailed log fields, available in both the CLI and the GUI, that show who is using which AI applications and how. That is the foundation for an enforceable AI policy: detect, log, then allow, limit, or block by user group.
Once the GenAI category is detected, you can treat AI like any other managed application. Allow sanctioned tools for the teams that need them, block unsanctioned ones, and use the logs to spot data heading somewhere it should not. Pairing application control with DLP, expanded in FortiOS 8.0, lets you catch sensitive content before it leaves, including text inside images thanks to new OCR scanning.
GenAI application control runs on a FortiGate with an active FortiGuard subscription and enough inspection headroom to enable deep packet inspection without hurting throughput. Current-generation appliances like the FortiGate 121G handle this comfortably for most SMBs and branches; you can compare options on our FortiGate firewalls page. If you would rather have the profiles built, tuned, and monitored for you, our managed security services include application control and reporting.
Yes. Using the FortiGuard GenAI application category in an application control profile, a FortiGate can detect, monitor, restrict, or block generative AI services such as ChatGPT, by user or group.
Deep packet inspection gives the fullest visibility into AI-related activity and the richest log fields. Plan for an appliance and FortiGuard subscription that can run inspection at your throughput.
Yes. Application control signatures, including the GenAI category, come from FortiGuard. DataCenter360.ca can supply the right subscription for your FortiGate.
We will configure FortiGate application control and the reporting your team needs. Tell us your model and we will quote, usually same day.