Application considerations
Some applications behave differently from most others. You should be aware of these differences before using application control to regulate their use.
IM applications
IM applications are controlled by permitting or denying users from logging in to the service. Individual IM accounts are configured as permitted or denied, and a global per-application policy decides how to handle unknown users, including whether to add each unknown user to the black list or the white list. IM applications fall under the Collaboration category in the application signature database.
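The per-user permit/deny lists plus a global unknown-user rule described above, modelled as an added example (not FortiGate code); the class and field names, and the idea that a learned user is recorded on the chosen list so the next login is decided explicitly, are assumptions made for illustration:

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

PERMIT, DENY = "permit", "deny"


@dataclass
class ImAppPolicy:
    """Login policy for one IM application (hypothetical model of the page's description)."""
    app: str
    unknown_action: str = DENY             # global action for users on neither list
    add_unknown_to: Optional[str] = None   # "whitelist", "blacklist" or None (do not record)
    whitelist: Set[str] = field(default_factory=set)
    blacklist: Set[str] = field(default_factory=set)

    def evaluate_login(self, user: str) -> Tuple[str, str]:
        """Decide a login attempt by `user`; returns (decision, reason)."""
        # Explicit entries always win; a user on both lists is treated as denied.
        if user in self.blacklist:
            return DENY, "explicit blacklist"
        if user in self.whitelist:
            return PERMIT, "explicit whitelist"
        # Unknown user: apply the global action and, if configured, learn the user
        # so that subsequent logins are decided by the explicit list.
        if self.add_unknown_to == "whitelist":
            self.whitelist.add(user)
        elif self.add_unknown_to == "blacklist":
            self.blacklist.add(user)
        return self.unknown_action, f"unknown user, global action {self.unknown_action}"


def audit_logins(policy: ImAppPolicy, attempts):
    """Run a sequence of (user) login attempts through the policy; returns [(user, decision)]."""
    return [(user, policy.evaluate_login(user)[0]) for user in attempts]


if __name__ == "__main__":
    # Constructed sample: only alice is pre-approved; strangers are denied and blacklisted.
    skype_policy = ImAppPolicy("skype", unknown_action=DENY,
                               add_unknown_to="blacklist", whitelist={"alice"})
    for user, decision in audit_logins(skype_policy, ["alice", "mallory", "mallory"]):
        print(f"{skype_policy.app}: {user} -> {decision}")
```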
Skype
Based on the NAT firewall type, Skype takes advantage of several NAT firewall traversal methods, such as STUN (Simple Traversal of UDP through NAT), ICE (Interactive Connectivity Establishment) and TURN (Traversal Using Relay NAT), to make the connection.
The Skype client may try to log in with either UDP or TCP, on different ports, especially well-known service ports such as HTTP (80) and HTTPS (443), because these ports are normally allowed in firewall settings. A client that has previously logged in successfully may start with the known-good approach, then fall back on another approach if the known one fails.
The Skype client could also employ Connection Relay. This means if a reachable host is already connected to the Skype network, other clients can connect through this host. This makes any connected host not only a client but also a relay server.
SPDY
SPDY (pronounced "speedy"; it is a trademarked name, not an acronym) is a networking protocol developed, primarily by Google, to increase the speed and security of HTML traffic. The Application Control engine recognizes this protocol and its required SSL/TLS component within Application Control sensors. It is counted as part of application traffic for Google and other sources that use the protocol.
Application control monitor
The application monitor enables you to gain insight into the applications generating traffic on your network. When monitoring is enabled in an application sensor entry and that security profile is selected in a security policy, all the detected traffic required to populate the selected charts is logged to the SQL database on the FortiGate unit's hard drive. The charts are available for display in the Applications section of the FortiView menu.
Application monitor data is stored on the hard drive and restarting the system does not affect the stored monitor data.
Application control data is available in Log & Report, if enabled.
How do you effectively block access to the internet but allow access to Windows updates?
This solution: "…configuring application control to allow only automatic software updates to access the Internet" – DOESN'T WORK – Microsoft needs HTTPS browser access to get updates, but then you can launch any website 🙂
Hi Mike,
If I set a category to monitor, what extra information do I get? Where is the additional information/analysis stored? Does it get stored on the FAZ if I am logging to FAZ? So many questions about the “Monitor” setting…