The Firewall > App Control Advanced page provides the following global settings:
1. To globally enable App Control, select the Enable App Control checkbox.
2. To enable App Control on a network zone, navigate to the Network > Zones page.
4. Select the Enable App Control Service checkbox. This option is not selected by default.
5. Click OK.
   The Network > Zones page displays a green indicator in the App Control column for any zones that have the App Control service enabled.
6. To configure a global exclusion list for App Control policies, navigate to the Firewall > App Control Advanced page.
8. Select the Enable Application Control Exclusion List checkbox. This option is not selected by default.
9.
   • To use the IPS exclusion list, which can be configured from the Security Services > Intrusion Prevention page, select the Use IPS Exclusion List radio button. This is the default.
   • To use an address object for the exclusion list, select the Use Application Control Exclusion Address Object radio button, and then select an address object from the drop-down menu.
10. Click OK.
2. Click OK in the confirmation dialog.

1. In the App Control Global Settings section of the Firewall > App Control Advanced page, select the Enable Logging For All Apps checkbox.
2. Click the Accept button.
Category-based configuration is the most broadly based method of policy configuration on the Firewall > App Control Advanced page. The Category drop-down menu lists available categories.
1. Navigate to the Firewall > App Control Advanced page.
2. Under App Control Advanced, select an application category from the Category drop-down menu. A Configure icon appears to the right of the field as soon as a category is selected.
4. To block applications in this category, select Enable in the Block drop-down menu. The default is Disable.
5. To create a log entry when applications in this category are detected, select Enable in the Log drop-down menu.
6. To target the selected block or log actions to a specific user or group of users, select a user group or individual user from the Included Users/Groups drop-down menu. Select All to apply the policy to all users.
7. To exclude a specific user or group of users from the selected block or log actions, select a user group or individual user from the Excluded Users/Groups drop-down menu. Select None to apply the policy to all users.
8. To target the selected block or log actions to a specific IP address or address range, select an Address Group or Address Object from the Included IP Address Range drop-down menu. Select All to apply the policy to all IP addresses.
9. To exclude a specific IP address or address range from the selected block or log actions, select an Address Group or Address Object from the Excluded IP Address Range drop-down menu. Select None to apply the policy to all IP addresses.
11. To specify a delay between log entries for repetitive events, type the number of seconds for the delay into the Log Redundancy Filter field. The default is 0 seconds.
12. Click OK.
Application-based configuration is the middle level of policy configuration on the Firewall > App Control Advanced page, between the category-based and signature-based levels.
1. Navigate to the Firewall > App Control Advanced page.
3. Next, select an application in this category from the Application drop-down menu. A Configure icon appears to the right of the field as soon as an application is selected.
4. Click the Configure icon to display the App Control App Settings dialog for the selected application.
   The dimmed App Category and App Name fields at the top of the dialog are not editable. The application configuration parameters default to the current settings of the category to which the application belongs.
5. To change whether to block the application, from the Block drop-down menu, select:
   • Enable to block this application
   • Disable to unblock it.
6. To change whether to create a log entry when this application is detected, from the Log drop-down menu, select:
   • Enable to create log entries
   • Disable to not create log entries
7. To change whether to target the selected block or log actions to a specific user or group of users, from the Included Users/Groups drop-down menu, select:
   • All to apply the policy to all users.
8. To change whether to exclude a specific user or group of users from the selected block or log actions, from the Excluded Users/Groups drop-down menu, select:
   • None to apply the policy to all users.
9. To change whether to target the selected block or log actions to a specific IP address or address range, from the Included IP Address Range drop-down menu, select:
   • All to apply the policy to all IP addresses.
10. To change whether to exclude a specific IP address or address range from the selected block or log actions, from the Excluded IP Address Range drop-down menu, select:
   • None to apply the policy to all IP addresses.
12. By default, the Log Redundancy Filter (seconds) checkbox is selected, and the specific application uses the Category settings. The Log Redundancy Filter field is dimmed. To specify a different delay between log entries for repetitive events for this particular application:
   b. Type the number of seconds for the delay into the Log Redundancy Filter field.
13. Click OK.
Signature-based configuration is the lowest, most specific level of policy configuration on the Firewall > App Control Advanced page.
1. Navigate to the Firewall > App Control Advanced page.
3. Select an application in this category from the Application drop-down menu.
4. To display the specific signatures for this application, select Signature in the Viewed by drop-down menu. The Freestyle gaming application has two signatures.
5. Click the Configure icon in the row for the signature you want to work with. The App Control Signature Settings dialog displays.
   TIP: You can also display the Edit App Control Signature dialog by entering the signature ID in the Lookup Signature ID field and then clicking the Edit icon.
   TIP: To modify the settings for the application, click the Edit icon by the Application ID field to display the Edit App Control App dialog. For information about the Edit App Control App dialog, see Configuring Application Control by Application.
6. To change whether to block the application, from the Block drop-down menu, select:
   • Enable to block this application
   • Disable to unblock it.
7. To change whether to create a log entry when this application is detected, from the Log drop-down menu, select:
   • Enable to create log entries
   • Disable to not create log entries
8. To change whether to target the selected block or log actions to a specific user or group of users, from the Included Users/Groups drop-down menu, select:
   • All to apply the policy to all users.
9. To change whether to exclude a specific user or group of users from the selected block or log actions, from the Excluded Users/Groups drop-down menu, select:
   • None to apply the policy to all users.
10. To change whether to target the selected block or log actions to a specific IP address or address range, from the Included IP Address Range drop-down menu, select:
   • All to apply the policy to all IP addresses.
11. To change whether to exclude a specific IP address or address range from the selected block or log actions, from the Excluded IP Address Range drop-down menu, select:
   • None to apply the policy to all IP addresses.
13. By default, the Log Redundancy Filter (seconds) checkbox is selected, and the specific application uses the Category settings. The Log Redundancy Filter field is dimmed. To specify a different delay between log entries for repetitive events for this particular application:
   b. Type the number of seconds for the delay into the Log Redundancy Filter field.
14. To see detailed information about the signature, click here in the Note at the bottom of the dialog.
15. Click OK.
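The three procedures above stack: an application starts from its category's settings, and signature-level settings are the most specific. The sketch below is an added example, not SonicWall code, that resolves the effective block and log settings for one signature and then applies the included and excluded address ranges, the global exclusion list and the Log Redundancy Filter. The Level class, the sample addresses, a signature inheriting from its application, and exclusions taking precedence over inclusions are assumptions of this model; user and group lists are left out.

```python
from dataclasses import dataclass, fields
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

@dataclass
class Level:
    """One policy level; None means "inherit from the next broader level"."""
    block: Optional[bool] = None
    log: Optional[bool] = None
    included: Optional[List[str]] = None  # CIDRs; "All" modelled as 0.0.0.0/0
    excluded: Optional[List[str]] = None  # CIDRs; "None" modelled as []
    log_redundancy: Optional[int] = None  # seconds between repeated entries

def resolve(category: Level, app: Level, sig: Level) -> Level:
    """Most specific level that sets a field wins (assumed precedence)."""
    out = Level()
    for f in fields(Level):
        for level in (sig, app, category):
            if getattr(level, f.name) is not None:
                setattr(out, f.name, getattr(level, f.name))
                break
    return out

def _match(ip: str, cidrs: List[str]) -> bool:
    return any(ip_address(ip) in ip_network(c) for c in cidrs)

def actions(policy: Level, src_ip: str, global_excl: List[str]) -> Dict[str, bool]:
    """Block/log decision for one detection; exclusions win (assumption)."""
    subject = (not _match(src_ip, global_excl)
               and _match(src_ip, policy.included)
               and not _match(src_ip, policy.excluded))
    return {"block": bool(subject and policy.block),
            "log": bool(subject and policy.log)}

class LogFilter:
    """Suppresses repeats of one event inside the redundancy window."""
    def __init__(self) -> None:
        self.last: Dict[str, float] = {}

    def emit(self, event: str, now: float, delay: int) -> bool:
        prev = self.last.get(event)
        if delay > 0 and prev is not None and now - prev < delay:
            return False
        self.last[event] = now
        return True

# Constructed sample: category logs only, application blocks, signature excludes a lab.
CATEGORY = Level(False, True, ["0.0.0.0/0"], [], 0)
APP = Level(block=True, log_redundancy=30)
SIG = Level(excluded=["10.0.5.0/24"])
POLICY = resolve(CATEGORY, APP, SIG)
```

Walking a planned override through a model like this before clicking OK shows which hosts a narrow signature-level exclusion silently removes from both blocking and logging.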