Application Control – Fortinet FortiGate

Viewing and searching the application list

Go to Security Profiles > Application Control > Application List to view the list of applications the FortiGate unit recognizes. You can find an application by paging manually through the list, by applying column filters, or by using the search field.

Searching manually

Applications are displayed in a paged list, with 50 applications per page. The bottom of the screen shows the current page and the total number of pages. You can enter a page number and press Enter to skip directly to that page. The Previous Page and Next Page buttons move you through the list one page at a time. The First Page and Last Page buttons take you to the beginning or end of the list.

Applying application list filters

You can enter criteria for one or more columns, and only the applications matching all the conditions you specify will be listed.

To apply filters

  1. Go to Security Profiles > Application Control > Application List.
  2. Go to the column you intend to filter by and select the filter icon in the heading to the left of the column name.
  3. A small window appears with a field for the value you intend to filter by and a NOT checkbox; select NOT to view all values except the one you enter in the field. You can also enter multiple values, separated by commas.
  4. Select Apply.
  5. Continue to add more filters to narrow your search, if required.
  6. Select OK.

Creating a New Custom Application Signature

If you have to deal with an application that is not already in the Application List, you can create a new custom signature for it.

Creating a new Application Filter

  1. Go to Security Profiles > Application Control > Application List.
  2. Select Create New.
  3. The New Custom Application Signature window will appear.
  4. In the Name field give the new signature a unique name.
  5. In the Comments field, give a brief description of the application or of what you intend to filter by.
  6. In the Signature field, enter the signature on which you intend to base your application filtering. For more details on how to design a signature, see “Creating a custom IPS signature” on page 74.
  7. As an optional step, you can select the Submit Signature link to submit your newly created signature to FortiGuard for possible inclusion in future predefined application lists.


Enabling application traffic shaping

Enabling traffic shaping in an application sensor involves selecting the required shaper. You can create or edit shapers in Firewall Objects > Traffic Shaper > Shared.

To enable traffic shaping

  1. Go to Security Profiles > Application Control > Application Sensors.
  2. Select an application sensor from the drop-down list in the Edit Application Sensor window title bar.
  3. Select the application control list entry and choose Edit.
  4. Select Traffic Shaping and choose the required traffic shaper from the list.

If the action is set to Block, the traffic shaping option is not available. Only allowed traffic can be shaped.

  5. Select Reverse Direction Traffic Shaping and choose the required traffic shaper from the list if traffic flowing in the opposite direction also requires shaping.
  6. Select OK.

Any security policy with this application sensor selected will shape application traffic according to the applications specified in the list entry and the shaper configuration.
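The rule stated above (a shaper can be attached only to an entry whose action allows the traffic, with an optional second shaper for the reverse direction) is easy to get wrong when sensors are built by hand or by script, so here is a small model of it. This is an added Python example, not FortiGate code; the `SharedShaper`, `SensorEntry`, `Verdict` and `evaluate` names, the category and shaper values, and the first-matching-entry evaluation order are assumptions made for the illustration.

```python
"""Added model of application-sensor traffic shaping as described in the text:
an entry carries a forward shaper and an optional reverse-direction shaper,
but only when its action is not Block. All values below are constructed."""
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class SharedShaper:
    """A shared shaper as defined under Firewall Objects > Traffic Shaper > Shared."""
    name: str
    guaranteed_kbps: int
    maximum_kbps: int


@dataclass(frozen=True)
class SensorEntry:
    """One application control list entry in a sensor."""
    categories: frozenset                           # application categories covered
    action: str                                     # "block" or "pass"
    shaper: Optional[SharedShaper] = None           # Traffic Shaping
    reverse_shaper: Optional[SharedShaper] = None   # Reverse Direction Traffic Shaping

    def __post_init__(self):
        if self.action not in ("block", "pass"):
            raise ValueError(f"unknown action {self.action!r}")
        # Mirrors the GUI: the shaping option is unavailable when the action is Block.
        if self.action == "block" and (self.shaper or self.reverse_shaper):
            raise ValueError("only allowed traffic can be shaped")


@dataclass(frozen=True)
class Verdict:
    action: str
    forward_limit_kbps: Optional[int]   # None means unshaped
    reverse_limit_kbps: Optional[int]


def evaluate(sensor: Iterable[SensorEntry], app_category: str) -> Verdict:
    """Verdict for traffic of one application category.

    Assumption for this model: the first entry covering the category wins, and
    traffic no entry covers is passed without shaping."""
    for entry in sensor:
        if app_category in entry.categories:
            fwd = entry.shaper.maximum_kbps if entry.shaper else None
            rev = entry.reverse_shaper.maximum_kbps if entry.reverse_shaper else None
            return Verdict(entry.action, fwd, rev)
    return Verdict("pass", None, None)


# Constructed shapers and sensor: block P2P, cap streaming media at 2 Mbit/s
# downstream and 512 kbit/s upstream, leave everything else alone.
VIDEO_SHAPER = SharedShaper("limit_video", guaranteed_kbps=256, maximum_kbps=2000)
UPLOAD_SHAPER = SharedShaper("limit_upload", guaranteed_kbps=64, maximum_kbps=512)

EXAMPLE_SENSOR = [
    SensorEntry(frozenset({"P2P"}), "block"),
    SensorEntry(frozenset({"Video/Audio"}), "pass",
                shaper=VIDEO_SHAPER, reverse_shaper=UPLOAD_SHAPER),
]


def try_shape_blocked_entry() -> bool:
    """True if the model rejects attaching a shaper to a Block entry."""
    try:
        SensorEntry(frozenset({"P2P"}), "block", shaper=VIDEO_SHAPER)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for category in ("P2P", "Video/Audio", "Email"):
        print(category, evaluate(EXAMPLE_SENSOR, category))
    print("shaper on Block entry rejected:", try_shape_blocked_entry())
```

The check in `__post_init__` is the part worth keeping in any tooling that generates sensors: an entry that blocks and also names a shaper is a configuration error, not a stricter policy.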

Application control examples

Blocking all instant messaging

Instant messaging use is not permitted at the Example Corporation. Application control helps enforce this policy.

First you will create an application sensor with a single entry that includes all instant messaging applications. You will set the list action to block.

To create the application sensor

  1. Go to Security Profiles > Application Control > Application Sensors.
  2. Select the Create New icon in the title bar of the Edit Application Sensor window.
  3. In the Name field, enter no_IM for the application sensor name.
  4. Select OK.
  5. Select the Create New icon in the sensor.
  6. For the Sensor Type select Filter Based.
  7. For Category, select only IM.
  8. For Popularity, Technology and Risk, make sure that all of the options are selected.
  9. For Action, select Block.
  10. Select OK to save the new filter.
  11. Select Apply to save the sensor.

Next you will assign the sensor to a policy.

To enable application control and select the application sensor

  1. Go to Policy > Policy > Policy.
  2. Select the security policy that allows the network users to access the Internet and choose Edit.
  3. Under the heading Security Profiles toggle the button next to Application Control to turn it on.
  4. In the drop-down menu next to Application Control, select the no_IM application sensor.
  5. Select OK.

No IM use will be allowed by the security policy. If other firewall policies handle traffic that users could use for IM, enable application control with the no_IM application sensor on those policies as well.
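Two pieces of the text above have precise semantics that are worth seeing in code: the Application List column filters (several values per column separated by commas, a NOT checkbox, and an AND across columns) and the Filter Based no_IM entry, which selects an application only when it matches the chosen category and every selected popularity, technology and risk value. The following Python is an added example and not FortiGate code or Fortinet data: the application catalogue, the `App`, `ColumnFilter` and `FilterBasedEntry` names, and the assumption that traffic matching no entry is passed are all constructed for the illustration.

```python
"""Added model of the Application List column filters and of a Filter Based
sensor entry, built from the behaviour described in the text. The catalogue
below is constructed for the example and is not Fortinet's application list."""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class App:
    name: str
    category: str
    popularity: int      # the list shows popularity on a 1 to 5 scale
    technology: str
    risk: str


# Constructed sample catalogue; names and attributes are invented.
CATALOGUE = [
    App("ExampleChat",  "IM",    5, "Client-Server", "Medium"),
    App("ExampleTalk",  "IM",    3, "Peer-to-Peer",  "High"),
    App("ExampleWebIM", "IM",    2, "Browser-Based", "Low"),
    App("ExampleMail",  "Email", 4, "Browser-Based", "Low"),
    App("ExampleShare", "P2P",   5, "Peer-to-Peer",  "High"),
]


@dataclass(frozen=True)
class ColumnFilter:
    """One column's filter window: the typed value(s) and the NOT checkbox."""
    column: str            # App attribute name, e.g. "category"
    values: str            # exactly as typed: "IM" or "IM, P2P"
    negate: bool = False   # NOT: keep everything except the listed values

    def matches(self, app: App) -> bool:
        wanted = {v.strip().lower() for v in self.values.split(",") if v.strip()}
        hit = str(getattr(app, self.column)).lower() in wanted
        return not hit if self.negate else hit


def apply_filters(apps: Iterable[App], filters: Iterable[ColumnFilter]) -> List[App]:
    """Applications matching ALL filters, as the list view does."""
    return [a for a in apps if all(f.matches(a) for f in filters)]


@dataclass(frozen=True)
class FilterBasedEntry:
    """A Filter Based sensor entry: an application is selected only when every
    column's chosen set contains its value."""
    categories: frozenset
    popularity: frozenset
    technology: frozenset
    risk: frozenset
    action: str          # "block" or "pass"

    def selects(self, app: App) -> bool:
        return (app.category in self.categories
                and app.popularity in self.popularity
                and app.technology in self.technology
                and app.risk in self.risk)


# "All options selected" for the non-category columns.
ALL_POPULARITY = frozenset(range(1, 6))
ALL_TECHNOLOGY = frozenset(a.technology for a in CATALOGUE)
ALL_RISK = frozenset(a.risk for a in CATALOGUE)

# The no_IM sensor from the walkthrough: a single entry, category IM only,
# every popularity/technology/risk option selected, action Block.
NO_IM_SENSOR = [
    FilterBasedEntry(frozenset({"IM"}), ALL_POPULARITY, ALL_TECHNOLOGY, ALL_RISK, "block"),
]


def sensor_action(sensor: Iterable[FilterBasedEntry], app: App) -> str:
    """Action the sensor takes for an application. Assumption for this model:
    the first entry that selects the application wins; with no match, pass."""
    for entry in sensor:
        if entry.selects(app):
            return entry.action
    return "pass"


def blocked_names(sensor: Iterable[FilterBasedEntry], apps: Iterable[App]) -> List[str]:
    return sorted(a.name for a in apps if sensor_action(sensor, a) == "block")


if __name__ == "__main__":
    # Filter the list the way the GUI does: category IM AND popularity 5.
    for app in apply_filters(CATALOGUE, [ColumnFilter("category", "IM"),
                                        ColumnFilter("popularity", "5")]):
        print("filtered:", app.name)
    print("blocked by no_IM:", blocked_names(NO_IM_SENSOR, CATALOGUE))
```

Note the difference between the two mechanisms: a column filter only changes what the Application List displays, while a Filter Based entry changes what the sensor does to traffic. Narrowing the popularity, technology or risk sets in the entry would silently exempt IM applications that fall outside them, which is why the walkthrough leaves all of those options selected.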
