App Control Advanced

The Firewall > App Control Advanced page provides a way to configure global App Control policies using categories, applications, and signatures. Policies configured on this page are independent from App Rules policies, and do not need to be added to an App Rules policy to take effect.

You can configure the following settings on this page:

 
Select a category, an application, or a signature.
 
Select blocking, logging, or both as the action.
 
Specify users, groups, or IP address ranges to include in or exclude from the action.
 
Set a schedule for enforcing the controls.

While these application control settings are independent from App Rules policies, you can also create application match objects for any of the categories, applications, or signatures available here, and use those match objects in an App Rules policy. See the “Application List Objects” section for more information.

Configuring App Control Global Settings

The Firewall > App Control Advanced page provides the following global settings:

 
Enable App Control
 
Configure App Control Settings
 
Reset App Control Settings & Policies

App Control is a licensed service, and you must also enable it to activate the functionality.

To enable App Control and configure the global settings:

Step 1
To globally enable App Control, select the Enable App Control checkbox.
Step 2
To enable App Control on a network zone, navigate to the Network > Zones page, and click the Configure icon for the desired zone.
Step 3
Select the Enable App Control Service checkbox, then click OK.
 
Note
App Control policies are applied to traffic within a network zone only if you enable the App Control Service for that zone. App Rules policies are independent, and not affected by the App Control setting for network zones.

The Network > Zones page displays a green indicator in the App Control column for any zones that have the App Control service enabled.

Step 4
You can configure a global exclusion list for App Control policies on the Firewall > App Control Advanced page. To configure the exclusion list, click the Configure App Control Settings button. The App Control Exclusion List window opens.
Step 5
To use the IPS exclusion list, which can be configured from the Security Services > Intrusion Prevention page, select the Use IPS Exclusion List radio button.
Step 6
To use an address object for the exclusion list, select the Use Application Control Exclusion Address Object radio button, and then select an address object from the drop-down list.
Step 7
Click OK.
Step 8
To reset App Control settings and policy configuration to the factory default values, click the Reset App Control Settings & Policies button on the Firewall > App Control Advanced page, and then click OK in the confirmation dialog box.

Configuring Application Control by Category

Category-based configuration is the broadest method of policy configuration on the Firewall > App Control Advanced page. The list of categories is available in the Category drop-down list.

To configure an App Control policy for an application category:

Step 1
Navigate to the Firewall > App Control Advanced page.
Step 2
Under App Control Advanced, select an application category from the Category drop-down list. A Configure button appears to the right of the field as soon as a category is selected.
Step 3
Click the Configure button to open up the App Control Category Settings window for the selected category.
Step 4
To block applications in this category, select Enable in the Block drop-down list.
Step 5
To create a log entry when applications in this category are detected, select Enable in the Log drop-down list.
Step 6
To target the selected block or log actions to a specific user or group of users, select a user group or individual user from the Included Users/Groups drop-down list. Select All to apply the policy to all users.
Step 7
To exclude a specific user or group of users from the selected block or log actions, select a user group or individual user from the Excluded Users/Groups drop-down list. Select None to apply the policy to all users.
Step 8
To target the selected block or log actions to a specific IP address or address range, select an Address Group or Address Object from the Included IP Address Range drop-down list. Select All to apply the policy to all IP addresses.
Step 9
To exclude a specific IP address or address range from the selected block or log actions, select an Address Group or Address Object from the Excluded IP Address Range drop-down list. Select None to apply the policy to all IP addresses.
Step 10
To enable this policy during specific days of the week and hours of the day, select one of the following schedules from the Schedule drop-down list:
 
Always on – Enable the policy at all times.
 
Work Hours – Enable the policy Monday through Friday, 8:00 AM to 5:00 PM.
 
M-T-W-T-F 08:00 to 17:00 – Enable the policy Monday through Friday, 8:00 AM to 5:00 PM.
 
After Hours – Enable the policy Monday through Friday, 5:00 PM to 8:00 AM.
 
M-T-W-T-F 00:00 to 08:00 – Enable the policy Monday through Friday, midnight to 8:00 AM.
 
M-T-W-T-F 17:00 to 24:00 – Enable the policy Monday through Friday, 5:00 PM to midnight.
 
SU-S 00:00 to 24:00 – Enable the policy at all times (Sunday through Saturday, 24 hours a day).
 
Weekend Hours – Enable the policy Friday at 5:00 PM through Monday at 8:00 AM.
Step 11
To specify a delay between log entries for repetitive events, type the number of seconds for the delay into the Log Redundancy Filter field.
Step 12
Click OK.

Configuring Application Control by Application

Application-based configuration is the middle level of policy configuration on the Firewall > App Control Advanced page, between the category-based and signature-based levels.

This configuration method allows you to create policy rules specific to a single application if you want to enforce the policy settings only on the signatures of this application without affecting other applications in the same category.

To configure an App Control policy for a specific application:

Step 1
Navigate to the Firewall > App Control Advanced page.
Step 2
Under App Control Advanced, first select a category from the Category drop-down list.
Step 3
Next, select an application in this category from the Application drop-down list. A Configure button appears to the right of the field as soon as an application is selected.
Step 4
Click the Configure button to open up the App Control App Settings window for the selected application. The fields at the top of the window are not editable. These fields display the values for the Application Category and Application Name. The application configuration parameters default to the current settings of the category to which the application belongs. To retain this connection to the category settings for one or more fields, leave this selection in place for those fields.
Step 5
To block this application, select Enable in the Block drop-down list.
Step 6
To create a log entry when this application is detected, select Enable in the Log drop-down list.
Step 7
To target the selected block or log actions to a specific user or group of users, select a user group or individual user from the Included Users/Groups drop-down list. Select All to apply the policy to all users.
Step 8
To exclude a specific user or group of users from the selected block or log actions, select a user group or user from the Excluded Users/Groups drop-down list. Select None to apply the policy to all users.
Step 9
To target the selected block or log actions to a specific IP address or address range, select an Address Group or Address Object from the Included IP Address Range drop-down list. Select All to apply the policy to all IP addresses.
Step 10
To exclude a specific IP address or address range from the selected block or log actions, select an Address Group or Address Object from the Excluded IP Address Range drop-down list. Select None to apply the policy to all IP addresses.
Step 11
To enable this policy during specific days of the week and hours of the day, select one of the following schedules from the Schedule drop-down list:
 
Always on – Enable the policy at all times.
 
Work Hours – Enable the policy Monday through Friday, 8:00 AM to 5:00 PM.
 
M-T-W-T-F 08:00 to 17:00 – Enable the policy Monday through Friday, 8:00 AM to 5:00 PM.
 
After Hours – Enable the policy Monday through Friday, 5:00 PM to 8:00 AM.
 
M-T-W-T-F 00:00 to 08:00 – Enable the policy Monday through Friday, midnight to 8:00 AM.
 
M-T-W-T-F 17:00 to 24:00 – Enable the policy Monday through Friday, 5:00 PM to midnight.
 
SU-S 00:00 to 24:00 – Enable the policy at all times (Sunday through Saturday, 24 hours a day).
 
Weekend Hours – Enable the policy Friday at 5:00 PM through Monday at 8:00 AM.
Step 12
To specify a delay between log entries for repetitive events, type the number of seconds for the delay into the Log Redundancy Filter field.
Step 13
To see detailed information about the application, click here in the Note at the bottom of the window.
Step 14
Click OK.

Configuring Application Control by Signature

Signature-based configuration is the lowest, most specific level of policy configuration on the Firewall > App Control Advanced page.

Setting a policy based on a specific signature allows you to configure policy settings for the individual signature without affecting other signatures of the same application.

To configure an App Control policy for a specific signature:

Step 1
Navigate to the Firewall > App Control Advanced page.
Step 2
Under App Control Advanced, first select a category from the Category drop-down list.
Step 3
Next, select an application in this category from the Application drop-down list.
Step 4
To display the specific signatures for this application, select Signature in the Viewed by drop-down list. The Freestyle gaming application has two signatures.
Step 5
Click the Configure button in the row for the signature you want to work with. The App Control Signature Settings window opens. The fields at the top of the window are not editable. These fields display the values for the Signature Category, Signature Name, Signature ID, Priority, and Direction of the traffic in which this signature can be detected.

The default policy settings for the signature are set to the current settings for the application to which the signature belongs. To retain this connection to the application settings for one or more fields, leave this selection in place for those fields.

Step 6
To block this signature, select Enable in the Block drop-down list.
Step 7
To create a log entry when this signature is detected, select Enable in the Log drop-down list.
Step 8
To target the selected block or log actions to a specific user or group of users, select a user group or individual user from the Included Users/Groups drop-down list. Select All to apply the policy to all users.
Step 9
To exclude a specific user or group of users from the selected block or log actions, select a user group or individual user from the Excluded Users/Groups drop-down list. Select None to apply the policy to all users.
Step 10
To target the selected block or log actions to a specific IP address or address range, select an Address Group or Address Object from the Included IP Address Range drop-down list. Select All to apply the policy to all IP addresses.
Step 11
To exclude a specific IP address or address range from the selected block or log actions, select an Address Group or Address Object from the Excluded IP Address Range drop-down list. Select None to apply the policy to all IP addresses.
Step 12
To enable this policy during specific days of the week and hours of the day, select one of the following schedules from the Schedule drop-down list:
 
Always on – Enable the policy at all times.
 
Work Hours – Enable the policy Monday through Friday, 8:00 AM to 5:00 PM.
 
M-T-W-T-F 08:00 to 17:00 – Enable the policy Monday through Friday, 8:00 AM to 5:00 PM.
 
After Hours – Enable the policy Monday through Friday, 5:00 PM to 8:00 AM.
 
M-T-W-T-F 00:00 to 08:00 – Enable the policy Monday through Friday, midnight to 8:00 AM.
 
M-T-W-T-F 17:00 to 24:00 – Enable the policy Monday through Friday, 5:00 PM to midnight.
 
SU-S 00:00 to 24:00 – Enable the policy at all times (Sunday through Saturday, 24 hours a day).
 
Weekend Hours – Enable the policy Friday at 5:00 PM through Monday at 8:00 AM.
Step 13
To specify a delay between log entries for repetitive events, type the number of seconds for the delay into the Log Redundancy Filter field.
Step 14
To see detailed information about the signature, click here in the Note at the bottom of the window.
Step 15
Click OK.
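
The following is an added model, not SonicWALL code, of how the three levels described above resolve: a field left at its default follows the parent level, and the zone setting and exclusion lists gate enforcement. The `Level` class, the function names, the sample addresses, and the evaluation order (exclusions win over inclusions, global exclusion checked first) are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass
class Level:
    """Settings at one level; None models a field left at its inherited default."""
    block: Optional[bool] = None
    log: Optional[bool] = None
    included: Optional[List[str]] = None   # None at every level = "All"
    excluded: Optional[List[str]] = None   # None at every level = "None"

def effective(category, application=None, signature=None):
    """Take each field from the most specific level that overrides it."""
    out = {}
    for name in ("block", "log", "included", "excluded"):
        out[name] = None
        for level in (signature, application, category):
            if level is not None and getattr(level, name) is not None:
                out[name] = getattr(level, name)
                break
    return out

def _in_any(ip, nets):
    return any(ip_address(ip) in ip_network(n) for n in nets)

def decide(ip, zone_enabled, global_excl, category, application=None, signature=None):
    """Return (block, log) for traffic from `ip` under the modeled rules."""
    # Assumed order: zone switch, global exclusion list, then per-policy ranges.
    if not zone_enabled or _in_any(ip, global_excl):
        return (False, False)
    eff = effective(category, application, signature)
    if eff["included"] is not None and not _in_any(ip, eff["included"]):
        return (False, False)
    if eff["excluded"] is not None and _in_any(ip, eff["excluded"]):
        return (False, False)
    return (bool(eff["block"]), bool(eff["log"]))

# Constructed sample configuration (addresses and settings are illustrative).
CATEGORY = Level(block=True, log=True, excluded=["10.0.5.0/24"])
APPLICATION = Level()               # every field follows the category
SIGNATURE = Level(block=False)      # this one signature is log-only
GLOBAL_EXCL = ["192.168.100.10/32"]

if __name__ == "__main__":
    for ip in ("10.0.1.7", "10.0.5.9", "192.168.100.10"):
        app = decide(ip, True, GLOBAL_EXCL, CATEGORY, APPLICATION)
        sig = decide(ip, True, GLOBAL_EXCL, CATEGORY, APPLICATION, SIGNATURE)
        print(f"{ip:15} application={app} signature={sig}")
```

Resolving the effective setting this way makes it easy to spot a signature-level override that relaxes a category-wide block, or an exclusion range that leaves hosts outside enforcement.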

Using the Application Control Wizard

The Application Control wizard provides safe configuration of App Rules policies for many common use cases, but not for everything. If at any time during the wizard you are unable to find the options that you need, you can click Cancel and proceed using manual configuration. When configuring manually, you must remember to configure all components, including match objects, actions, email address objects if required, and finally, a policy that references them.

To use the wizard to configure Application Control, perform the following steps:

Step 1
Log in to the SonicWALL security appliance.
Step 2
In the SonicWALL banner at the top of the screen, click the Wizards icon. The wizards Welcome screen displays.
Step 3
Select the Application Control Wizard radio button and then click Next.
Step 4
In the Application Control Wizard Introduction screen, click Next.
Step 5
In the Application Control Policy Type screen, click a selection for the policy type, and then click Next.

You can choose among SMTP, incoming POP3, Web Access, or FTP file transfer. The policy that you create will only apply to the type of traffic that you select. The next screen will vary depending on your choice here.

Step 6
In the Select <your choice> Rules for Application Control screen, select a policy rule from the choices supplied, and then click Next.

Depending on your choice in the previous step, this screen is one of four possible screens:

 
Select SMTP Rules for Application Control
 
Select POP3 Rules for Application Control
 
Select Web Access Rules for Application Control
 
Select FTP Rules for Application Control

 

Step 7
The screen displayed here will vary depending on your choice of policy rule in the previous step. For the following policy rules, the wizard displays the Set Application Control Object Keywords and Policy Direction screen on which you can select the traffic direction to scan, and the content or keywords to match.
 
All SMTP policy rule types except "Specify maximum email size"
 
All POP3 policy rule types
 
All Web Access policy rule types except "Look for usage of certain web browsers" and "Look for usage of any web browser, except the ones specified"
 
All FTP policy types except "Make all FTP access read-only" and "Disallow usage of SITE command"

In the Set Application Control Object Keywords and Policy Direction screen, perform the following steps:

 
In the Direction drop-down list, select the traffic direction to scan: Incoming, Outgoing, or Both.
 
Do one of the following:
 
Note
If you selected a choice with the words "except the ones specified" in the previous step, content that you enter here will be the only content that does not cause the action to occur. See Negative Matching.
 
In the Content text box, type or paste a text or hexadecimal representation of the content to match, and then click Add. Repeat until all content is added to the List text box.
 
To import keywords from a predefined text file that contains a list of content values, one per line, click Load From File.
 
Click Next.

If you selected a policy type in the previous step that did not result in the Set Application Control Object Keywords and Policy Direction screen with the standard options, the wizard displays a screen that allows you to select the traffic direction, and certain other choices depending on the policy type.

 
In the Direction drop-down list, select the traffic direction to scan.
 
SMTP: In the Set Maximum Email Size screen, in the Maximum Email Size text box, enter the maximum number of bytes for an email message.
 
Web Access: In the Application Control Object Settings screen, the Content text box has a drop-down list with a limited number of choices, and no Load From File button is available. Select a browser from the drop-down list.
 
FTP: In the special-case Set Application Control Object Keywords and Policy Direction screen, you can only select the traffic direction to scan.
 
Click Next.
Step 8
In the Application Control Action Settings screen, select the action to take when matching content is found in the specified type of network traffic, and then click Next.

You will see one or more of the following choices depending on the policy type, as shown below:

All Types – Log Only
All Types – Bypass DPI
SMTP – Blocking Action - block and send custom email reply
SMTP – Blocking Action - block without sending email reply
SMTP – Add Email Banner (append text at the end of email)
POP3 – Blocking Action - disable attachment and add custom text
Web Access – Blocking Action - custom block page
Web Access – Blocking Action - redirect to new location
Web Access – Blocking Action - Reset Connection
Web Access – Manage Bandwidth

Step 9
In the second Application Control Action Settings screen (if it is displayed), in the Content text box, type the text or URL that you want to use, and then click Next.

The second Application Control Action Settings screen is only displayed when you selected an action in the previous step that requires additional text. For a Web Access policy type, if you selected an action that redirects the user, you can type the new URL into the Content text box.

Step 10
In the Select Name for Application Control Policy screen, in the Policy Name text box, type a descriptive name for the policy, and then click Next.
Step 11
In the Confirm Policy Settings screen, review the displayed values for the new policy and do one of the following:
 
To create a policy using the displayed configuration values, click Apply.
 
To change one or more of the values, click Back.
 
To exit the wizard without creating the policy, click Cancel.
Step 12
In the Application Control Policy Complete screen, to exit the wizard, click Close.
 
Note
You can configure Application Control policies without using the wizard. When configuring manually, you must remember to configure all components, including match objects, actions, email address objects if required, and finally, a policy that references them.