To grant access to a specific application while blocking its parent category, you must create an application override. The Allow action is used within an Application Control profile to explicitly permit traffic for a specified application (CNN) that would otherwise be blocked by a more general category rule (blocking all Video/Audio). This creates a specific exception to the general policy. The traffic allowed by this rule will still be processed by other security profiles, ensuring comprehensive security.

B. Pass: This is not a valid action in Fortinet's Application Control override settings. The term typically implies passing traffic to another inspection engine without a verdict.

C. Permit: While synonymous with "allow," Allow is the specific term used in the FortiSASE and FortiOS configuration interfaces for this action.

D. Exempt: This action not only allows the traffic but also bypasses further inspection by other security profiles (like Web Filter, Antivirus). This is not required by the scenario, making Allow the more precise choice.

1. FortiSASE Administration Guide: In the section describing Application Control

the configuration of overrides is detailed. It specifies the available actions for an override rule.

Reference: FortiSASE Administration Guide

"Security > Application Control" section. The guide states that when creating an "Application and Filter Override

" the available actions are Allow

Monitor

Block

and Quarantine. The Allow action is used to permit a specific application.

2. FortiOS Administration Guide: FortiSASE is built upon FortiOS

and the Application Control functionality is fundamentally the same.

Reference: FortiOS 7.4 Administration Guide

"Security Profiles > Application Control" chapter

"Application and filter overrides" section. It documents: "You can override the Application Control category settings for an application by setting the Action to Allow

Monitor

Block

or Quarantine." This confirms Allow is the correct action to create an exception to a blocked category.