FortiClient can recognize the traffic generated by a large number of applications. You can create rules to block or allow this traffic per category, or application.
In FortiClient, the application firewall feature is enabled in the FortiClient Profile. The profile includes application firewall configuration.
The FortiClient Endpoint Control feature enables the site administrator to distribute an Application Control sensor from FortiGate/EMS.
On the FortiGate, the process is as follows:
l Create an Application Sensor and Application Filter on the FortiGate, l Add the Application Sensor to the FortiClient Profile on the FortiGate.
On EMS, the application firewall is part of the endpoint profile.
Step 1: Create a custom Application Control Sensor
- Log in to your FortiGate.
- In the left tree menu, select Security Profiles > Application Control.
- To create a new sensor, click the Create New icon in the toolbar. The New Application Sensor page is displayed.
- Configure the following options:
|Name||Enter a unique name for the application sensor.|
|Comments||Enter an option comment for the application sensor.|
|Categories||Select categories to allow or block.|
|Allow||The application category or application signature will be allowed in FortiClient Application Firewall.|
|Monitor||The application category or application signature will be allowed in FortiClient Application Firewall.
FortiClient will allow application traffic but will not monitor.
|Block||The application category or application signature will be blocked in FortiClient Application Firewall.|
|View Signatures||Select to view signatures and add filters to the category.|
|Application Overrides||Select Add Signatures to add application signatures and set the category. An application which belongs to a blocked category can be set to allow.|
|Filter Overrides||Select Add Filter to add filters to the sensor.|
|Options||The options set in the FortiOS application sensor are ignored by FortiClient application firewall.|
- Select OK to save the sensor.
Step 2: Add the Application Control Sensor to the FortiClient Profile
- In the left tree menu, select Security Profiles > FortiClient Profiles.
- Select the FortiClient Profile and select Edit in the toolbar. The Edit FortiClient Profile page is displayed.
- In the right pane, turn on the Application Firewall, then select an Application Sensor from the Application Control list drop-down list.
- Select Apply to save the profile.
The FortiGate will send the FortiClient Profile configuration update to registered clients.
The Application Firewall tab is now available in FortiClient.
To add application firewall to an endpoint profile:
- Go to Endpoint Profiles and either select a profile to edit, or create a new profile.
- Select the Application Firewall
- Select the on/off button to add application firewall to the profile.
- Adjust the settings as required, then select Save to save your changes.
View application firewall profile
To view the application firewall profile, select Show all.
View blocked applications
To view blocked applications, select the Applications Blocked link in the FortiClient console. This page lists all applications blocked in the past seven days, including the count and time of last occurrence.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!