Introduction to AppCtrl sensors

FortiGate units can detect and take action against network traffic depending on the application generating the traffic. Based on FortiGate Intrusion Protection protocol decoders, application control is a user-friendly and powerful way to use Intrusion Protection features to log and manage the behavior of application traffic passing through the FortiGate unit. Application control uses IPS protocol decoders that can analyze network traffic to detect application traffic even if the traffic uses non-standard ports or protocols. Applications control supports detection for traffic using the HTTP protocol (version 1.0, 1.1, and 2.0).

The FortiGate unit can recognize the network traffic generated by a large number of applications. You can create application control sensors that specify the action to take with the traffic of the applications you need to manage and the network on which they are active, and then add application control sensors to the firewall policies that control the network traffic you need to monitor.

An application control sensor has one or more options/entries configured which examines the app traffic for:

• Application category l Application signature ID l Filters overrides l Custom signature l Default port service l Default network service

When selecting the app category, signature, or filter that you intend to work with, the following actions can be set to the specific entry:

• Allow: App traffic will be allowed and no logs are recorded. l Monitor: The entry match is allowed and logged. l Block: Traffic matching the entry will be blocked. l Reset: The session will be dropped and a new session will be started. l Quarantine IP address: Traffic matching the entry will be blocked. The client initiating the traffic will be source-ip banned. l Shaper/Per-ip-shaper: Max-bandwidth and quaratined-bandwidth values can be set to limit the link speed.