Internet communication systems are based on defined protocols that reside in the application layer (most commonly HTTP, HTTPS, or SMTP) and guarantee that users can visit websites, access encrypted online banking accounts, and send emails through the web. Although Application Control 2.0 works on the application layer and detects applications based on communication patterns, you still want full control over generic network communication protocols such as IPsec, BGP, or SIP. In critical back-end environments (such as MSSP), Application Control 2.0 detection based on protocol objects is the right tool to detect, classify, regulate, or even block generic IP-based protocols independently of communication criteria such as source and destination network or even protocol.
Create a Protocol Object
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules.
- Click Lock.
- In the left menu, expand Firewall Objects and select Applications.
- Create the protocol object by either right-clicking the table and selecting New > Protocol Object or using the icons in the top-right area of the rule set.
- Either search or filter for the protocols to include in the object.
- Add protocols by either dragging them to the Protocol Set section or clicking the plus sign (+) next to their names.
- If an application consists of more than one component, you can add the parent application to also add the child objects.
- Click Save.
- Click Send Changes and Activate.
The following figure displays the process for creating a protocol object.