Application Firewall

Application Firewall

FortiClient can recognize the traffic generated by a large number of applications. You can create rules to block or allow this traffic per category, or application.

In FortiClient, the application firewall feature is enabled in the FortiClient Profile. The profile includes application firewall configuration.

The FortiClient Endpoint Control feature enables the site administrator to distribute an Application Control sensor from FortiGate/EMS.

On the FortiGate, the process is as follows:

l Create an Application Sensor and Application Filter on the FortiGate, l Add the Application Sensor to the FortiClient Profile on the FortiGate.

On EMS, the application firewall is part of the endpoint profile.

FortiGate

Step 1: Create a custom Application Control Sensor

  1. Log in to your FortiGate.
  2. In the left tree menu, select Security Profiles > Application Control.
  3. To create a new sensor, click the Create New icon in the toolbar. The New Application Sensor page is displayed.

Application Firewall

  1. Configure the following options:
Name   Enter a unique name for the application sensor.
Comments   Enter an option comment for the application sensor.
Categories   Select categories to allow or block.
Allow   The application category or application signature will be allowed in FortiClient Application Firewall.
Monitor   The application category or application signature will be allowed in FortiClient Application Firewall.

FortiClient will allow application traffic but will not monitor.

Block   The application category or application signature will be blocked in FortiClient Application Firewall.

Application Firewall

View Signatures Select to view signatures and add filters to the category.
Application Overrides Select Add Signatures to add application signatures and set the category. An application which belongs to a blocked category can be set to allow.
Filter Overrides Select Add Filter to add filters to the sensor.
Options The options set in the FortiOS application sensor are ignored by FortiClient application firewall.
  1. Select OK to save the sensor.

Step 2: Add the Application Control Sensor to the FortiClient Profile

  1. In the left tree menu, select Security Profiles > FortiClient Profiles.
  2. Select the FortiClient Profile and select Edit in the toolbar. The Edit FortiClient Profile page is displayed.
  3. In the right pane, turn on the Application Firewall, then select an Application Sensor from the Application Control list drop-down list.
  4. Select Apply to save the profile.

The FortiGate will send the FortiClient Profile configuration update to registered clients.

The Application Firewall tab is now available in FortiClient.

EMS

To add application firewall to an endpoint profile:

  1. Go to Endpoint Profiles and either select a profile to edit, or create a new profile.
  2. Select the Application Firewall

Application Firewall

  1. Select the on/off button to add application firewall to the profile.
  2. Adjust the settings as required, then select Save to save your changes.

View application firewall profile

To view the application firewall profile, select Show all.

Application Firewall

View blocked applications

To view blocked applications, select the Applications Blocked link in the FortiClient console. This page lists all applications blocked in the past seven days, including the count and time of last occurrence.

 


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.