Configuring Application Control on Fortigate Firewall Device
It can be seen that currently, the majority of risks occurring in corporate network systems are discovered from vulnerabilities in third-party applications or software used by users in the company. From these vulnerabilities, hackers or attackers will collect information or install malicious code that will negatively affect the information resources of individuals and businesses, disrupt information networks, and cause data loss. , reducing work performance and commercial reputation.
Application control solution above Fortigate Firewall Helps control business applications more effectively. Application control provides broad visibility into real-time application usage, as well as managing trends over time through visualization and reporting. Applications can be used to allow which software applications to run on the system, reducing difficulties in the deployment process and continuously updating application list information.
This article will guide you to use the default Application Profile to monitor network traffic and create a Profile to block specific applications.
1. Use the default Profile Application to monitor network traffic
+ To monitor the traffic we access Security Profile > Application control.
– Default profiles are set to: Monitor.
+ At section Unkown Applications : Select Monitor mode.
+ Then enter Policy and enable the feature Application Control.
+ To check, please log in FortiView > Application here Displays applications in use and specific traffic. Click to see the details.
2. Create Application Profile to block applications such as Botnet, Game, Proxy…
· Access to Security Profile > Application Control
· Section Categories: Select the type of application you want to manage and the form of management (here I choose the application Games, Botnets,…)
+ In section Application Overrides select Add signatures
+ Here you can search Signatures according to (Name, Category, Protocol…..)
· To block a specific application you Search Name-> specific application name For example: Facebook -> and click Use selected Signatures.
· Click to select all Facebook-related applications with the default Action selected Block.
+ Check again after creating Application Profile.
+ After creating Application Profile We enable this feature in section Policy to manage.
+ Save changes and check the results.
+ Example: After you access a Game page that is already in the Directory Categories with Action To be Block then receive the following return result.
· To see more details we can:
+ Enter Fortiview > All sessions. Select filter traffic with Security Action: Blocked.
+ Or go to Log & Report -> Forward Traffic to see blocked applications.
Article Configuring Application Control On Device Fortigate Firewall has been basically completed.
Good luck!
Xem tiếp...