39-Application Control

Uploaded by Ismail Kurnaz

Application Control:

o FortiGate can recognize network traffic generated by a large number of applications.
o Application control sensors specify what action to take with the application traffic.
o Application control uses IPS protocol decoders that analyze network traffic to detect application traffic, even if the traffic uses non-standard ports or protocols.
o On the FortiGate firewall, application control supports traffic detection using the HTTP protocol.
o There are three preloaded application sensors: default, wifi-default, and block-high-risk.
o You can customize these sensors or create your own to log and manage applications on the network.
o Once Application Control is configured, you can add the application sensor to a firewall policy.
o Application Control functionality requires a subscription to FortiGuard Application Control.
o Once you have created an application sensor, you can define the applications that you want to control.
o You can add applications and filters using categories, application overrides, and/or filter overrides.
o Application Control categories allow you to choose groups of signatures based on a category type.

o Categories: Choose groups of signatures based on a category type.
o Application overrides: Choose individual applications.
o Filter overrides: Select groups of applications and override the application signature settings for them.


Created by Ahmad Ali, Mobile: 056 430 3717


Category Application Control Filters:
Go to Security Profiles > Application Control. Under Categories, left-click the icon next to the
category name to view a dropdown of actions (Allow, Monitor, Block, Quarantine, and View
Signatures), then select OK.

To attach an Application Control profile to a firewall policy, go to Policy & Objects > IPv4 Policy.
Edit the policy on which you want to enable the Application Control profile. In the Security Profiles
section, enable Application Control and select the profile you created.



Verification & Testing:
Validate the URL filter results by going to a blocked website. Go to the Facebook website, and you
will see the replacement message.

To check web filter logs in the GUI, go to Log & Report > Application Control.

To check web filter logs in the GUI, go to Log & Report > Forward Traffic.



Application Filter Overrides:
Go to Security Profiles > Application Control. Under the Application and Filter Overrides table,
click Create New. To add individual applications: Select Application as the Type. Choose an
action to be associated with the application. Click the + button in the Application field and
choose the specific applications from the list where app signatures are displayed. Multiple
applications may be selected.



Verification & Testing:
Validate the URL filter results by going to a blocked website. Go to the Facebook website, and you
will see the replacement message.

To check web filter logs in the GUI, go to Log & Report > Application Control.

o Allow: Allows the targeted traffic to continue on through the FortiGate.
o Monitor: Allows the targeted traffic to continue on through the FortiGate unit but logs the traffic for analysis.
o Block: Prevents all traffic from reaching the application and logs all occurrences.
o Quarantine: Allows you to quarantine or block access to an application for a specified duration that can be entered in days, hours, and minutes. The default is 5 minutes.



Port Enforcement Check:
o Most networking applications run on specific ports. For example, SSH runs on port 22, and Facebook runs on ports 80 and 443.
o If the default network service is enabled in the Application Control profile, a port enforcement check is done at the application profile level, and any detected application signatures running on a non-standard TCP/IP port are blocked.
o This means that each application allowed by the application control sensor can only run on its default port.
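
An added example, not part of the original document: a Python check over exported Application Control log lines that confirms the sensor's block action fired and lists allowed sessions where an application was seen off its default port, which is the condition the port enforcement check is meant to prevent. The log lines are constructed, the field names (subtype, app, action, dstport, srcip) are assumed to follow the FortiOS key=value log format, and the default-port table holds only the two examples given above.

```python
import re
from collections import Counter

# Constructed sample lines; field names are assumed to follow FortiOS key=value logs.
SAMPLE_LOG = """\
date=2024-01-10 time=09:15:01 type="utm" subtype="app-ctrl" srcip=10.0.1.20 dstip=203.0.113.10 dstport=443 appcat="Social.Media" app="Facebook" action="block"
date=2024-01-10 time=09:15:07 type="utm" subtype="app-ctrl" srcip=10.0.1.21 dstip=198.51.100.7 dstport=22 appcat="Network.Service" app="SSH" action="pass"
date=2024-01-10 time=09:16:30 type="utm" subtype="app-ctrl" srcip=10.0.1.22 dstip=198.51.100.9 dstport=8022 appcat="Network.Service" app="SSH" action="pass"
date=2024-01-10 time=09:17:02 type="utm" subtype="webfilter" srcip=10.0.1.20 dstip=203.0.113.10 dstport=443 action="blocked"
"""

# Default ports taken from the two examples in the text above.
DEFAULT_PORTS = {"SSH": {22}, "Facebook": {80, 443}}

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict; quoted values lose their quotes."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def app_ctrl_events(text):
    """Keep only Application Control events, skipping other UTM subtypes."""
    events = [parse_line(line) for line in text.splitlines()]
    return [e for e in events if e.get("subtype") == "app-ctrl"]


def blocked_counts(events):
    """Count block events per application name."""
    return Counter(e.get("app", "unknown") for e in events if e.get("action") == "block")


def off_port_allowed(events, default_ports=DEFAULT_PORTS):
    """List allowed sessions where a known application used a non-default port."""
    findings = []
    for e in events:
        ports = default_ports.get(e.get("app"))
        port = e.get("dstport", "")
        if ports is None or e.get("action") == "block" or not port.isdigit():
            continue
        if int(port) not in ports:
            findings.append((e.get("srcip"), e["app"], int(port)))
    return findings


if __name__ == "__main__":
    events = app_ctrl_events(SAMPLE_LOG)
    print("blocked:", dict(blocked_counts(events)))
    for src, app, port in off_port_allowed(events):
        print(f"{app} allowed on non-default port {port} from {src}")
```

Any entry returned by off_port_allowed for a sensor that has the default network service enabled indicates the policy carrying that traffic is not using the intended sensor.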

Protocol Enforcement:
To set up protocol enforcement, go to Security Profiles > Application Control. Create a new
application sensor or edit an existing one. Enable Network Protocol Enforcement. Enforcement
entries can be created, edited, or deleted to configure network services on certain ports and
determine the violation action. Click Create New in the Network Protocol Enforcement table.

In the New Default Network Service pane: Enter a Port number. Select Enforced protocols.
Choose the Violation action. Click OK, then click OK again.
