Application Control – Fortinet FortiGate

Allowing only software updates

Some departments at Example Corporation do not require access to the Internet to perform their duties. Management therefore decided to block their Internet access. Software updates quickly became an issue because automatic updates will not function without Internet access and manual application of updates is time-consuming.

The solution is configuring application control to allow only automatic software updates to access the Internet.

To create an application sensor — web-based manager

  1. Go to Security Profiles > Application Control > Application Sensors.
  2. Select the Create New icon in the title bar of the Edit Application Sensor window.
  3. In the Name field, enter Updates_Only as the application sensor name.
  4. Select OK.
  5. Select the Create New icon in the sensor.
  6. For the Sensor Type select Filter Based.
  7. In the Category list, enable only Update.
  8. Select Monitor from the Action list.
  9. Select OK to save the filter to the sensor.

The filter you just created allows all software update application traffic (Monitor passes the traffic and logs it).

  10. Select the application filter All Other Known Applications.
  11. Select Edit.
  12. Select Block from the Action list.
  13. Select OK.

This entry blocks all traffic from recognized applications that are not explicitly allowed by a filter in this application sensor.

  14. Select the All Other Unknown Applications entry.
  15. Select Edit.
  16. Select Block from the Action list.
  17. Select OK.

This entry blocks all traffic from applications that the application control feature does not recognize.

  18. Select Apply to save the application sensor.

To create an application sensor — CLI

  config application list
      edit Updates_Only
          config entries
              edit 1
                  set category 17
                  set action pass
          end
          set other-application-action block
          set unknown-application-action block
  end

You will notice some differences in naming between the web-based manager and the CLI. For instance, the action is "pass" in the CLI but "Monitor" in the web-based manager, and the CLI refers to the Update category by its number (17) rather than by name.

Selecting the application sensor in a security policy

An application sensor directs the FortiGate unit to scan network traffic only when it is selected in a security policy. When an application sensor is selected in a security policy, its settings are applied to all the traffic the security policy handles.

To select the application sensor in a security policy — web-based manager

  1. Go to Policy > Policy > Policy.
  2. Select a policy.
  3. Select Edit.
  4. Under the heading Security Profiles, toggle the button next to Application Control to turn it on.
  5. In the drop-down menu next to Application Control, select Updates_Only.
  6. Select OK.

To select the application sensor in a security policy — CLI

  config firewall policy
      edit 1
          set utm-status enable
          set profile-protocol-options default
          set application-list Updates_Only
  end

Traffic handled by the security policy you modified is now scanned by the application sensor. Software updates are permitted and all other recognized and unknown application traffic is blocked. Policies that do not reference the sensor, or that reference it without utm-status enabled, are not affected.
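The procedure above only works if both "All Other" entries are set to Block and the sensor is attached to a policy with utm-status enabled; leaving either at its default quietly turns "updates only" into "everything". The following Python script is an added example, not Fortinet code or part of the original page: it parses FortiOS CLI text in the shape that `show application list` and `show firewall policy` print, and audits the sensor and the policies that reference it. It assumes that category 17 is the Update category (as the page's CLI does), that other-application-action and unknown-application-action default to pass when not set, and it uses a constructed sample configuration in which policy 2 references the sensor but never enabled utm-status.

```python
"""Audit FortiOS CLI text for an "updates only" application sensor.

Added example, not FortiGate code. Assumptions: category 17 is the Update
category, and other-/unknown-application-action default to pass when unset.
"""
import shlex

UPDATE_CATEGORY = "17"  # assumption: the Update category id the page's CLI uses

# Constructed sample: the sensor and policy from the procedure, plus policy 2,
# which references the sensor but never enabled utm-status (a common slip).
SAMPLE_CONFIG = """\
config application list
    edit "Updates_Only"
        config entries
            edit 1
                set category 17
                set action pass
            next
        end
        set other-application-action block
        set unknown-application-action block
    next
end
config firewall policy
    edit 1
        set action accept
        set utm-status enable
        set profile-protocol-options "default"
        set application-list "Updates_Only"
    next
    edit 2
        set action accept
        set application-list "Updates_Only"
    next
end
"""


def parse_fortios(text):
    """Parse FortiOS CLI text into nested dicts.

    'config X' and 'edit Y' open a nested table keyed by X or Y, 'set k v...'
    stores k -> [v...] in the current table, 'next'/'end' close the innermost block.
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line)
        cmd, args = words[0], words[1:]
        if cmd in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif cmd == "set":
            stack[-1][args[0]] = args[1:]
        elif cmd in ("next", "end"):
            if len(stack) == 1:
                raise ValueError(f"'{cmd}' with no open block")
            stack.pop()
        else:
            raise ValueError(f"unexpected line: {line}")
    if len(stack) != 1:
        raise ValueError("unclosed config/edit block")
    return root


def audit_sensor(cfg, name):
    """Return findings (empty list = OK) for application sensor `name`."""
    sensor = cfg.get("application list", {}).get(name)
    if sensor is None:
        return [f"application list {name} not found"]
    findings = []
    for key in ("other-application-action", "unknown-application-action"):
        if sensor.get(key, ["pass"]) != ["block"]:  # assumption: default is pass
            findings.append(f"{name}: {key} is not block, so the sensor is not default-deny")
    passed = [e for e in sensor.get("entries", {}).values() if e.get("action") == ["pass"]]
    if not passed:
        findings.append(f"{name}: no pass entry, so updates would be blocked as well")
    for entry in passed:
        if entry.get("category") != [UPDATE_CATEGORY]:
            findings.append(f"{name}: a pass entry allows category {entry.get('category')}, not Update")
    return findings


def audit_policies(cfg, name):
    """Return findings for policies that name the sensor without UTM enabled."""
    findings = []
    for pid, pol in cfg.get("firewall policy", {}).items():
        if pol.get("application-list") == [name] and pol.get("utm-status") != ["enable"]:
            findings.append(f"policy {pid}: references {name} but utm-status is not enable, nothing is scanned")
    return findings


def enforcing_policies(cfg, name):
    """Return ids of accept policies where the sensor actually takes effect."""
    return sorted(pid for pid, pol in cfg.get("firewall policy", {}).items()
                  if pol.get("action") == ["accept"]
                  and pol.get("utm-status") == ["enable"]
                  and pol.get("application-list") == [name])


if __name__ == "__main__":
    cfg = parse_fortios(SAMPLE_CONFIG)
    print("sensor findings:", audit_sensor(cfg, "Updates_Only"))
    print("policy findings:", audit_policies(cfg, "Updates_Only"))
    print("enforcing policies:", enforcing_policies(cfg, "Updates_Only"))
    # The same sensor with the "All Other Known Applications" step skipped.
    weak = parse_fortios(SAMPLE_CONFIG.replace("set other-application-action block", ""))
    print("weak sensor findings:", audit_sensor(weak, "Updates_Only"))
```

Run it against the output of `show application list` and `show firewall policy` pasted into a file in place of the constructed sample. The parser is deliberately strict: any line that is not config, edit, set, next or end raises, so a truncated paste fails loudly rather than producing a clean audit.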
