Configuring an application rule is similar to configuring an access rule. You can enable Application Control features on a per-access-rule basis. Application rules allow you to block or throttle traffic for detected applications. You can also combine the application rule with a URL filter policy object. The application ruleset is evaluated every time an access rule matches that has enabled any of the Application Control options. Make sure the matching access rule allows all protocols needed for the applications you are creating policies for. The application ruleset can be created as a positive or negative list, depending on whether the default policy is set to allow or block undetected applications per default. In most cases, setting the default policy to allow undetected applications and then creating application rules to block or throttle application traffic is the recommended setup.
Before You Begin
- Verify that you have enabled Application Control and that you are using the latest feature level of the firewall service. For more information, see How to Enable Application Control.
- Create Application Objects and/or Application Filters necessary for your application policies. For more information, see How to Create an Application Object and How to Create an Application Filter.
Step 1. Enable Application Control Features for the Access Rule
- Go to FIREWALL > Access Rules.
- Double-click the row or click edit in the Actions column of the access rule you want to enable Application Control for.
- The Edit Access Rule window opens.
- Click Yes for Application Control.
-
Select the Application Control features to be used for this access rule:
SSL Interception
URL Filter
Virus Scan
ATP
File Content Scan
Mail Security
Safe Search
- Click Save.
Step 2. Create an Application Rule
For each application policy, create an application rule. Rules are evaluated from top to bottom. The action set in the first matching rule is executed.
- Go to FIREWALL > Application Rule.
- Click Add Application Rule.
- The Edit Application Rule window opens.
-
In this case, an application rule for minimizing the bandwidth to the lowest priority will be created:
- Action – Select Pass to let the traffic continue to flow.
- Name – Enter the name for your application rule, e.g., Social Networks.
- Adjust Bandwidth – Select Lowest Bandwidth.
- Click Browse.
- The Application Browser window opens.
- Select your List Based Application Object that you have already configured, e.g., FacebookAndGooglePlus.
- Click Add Selected.
- Click Save.
- Drag the application rule above the standard rule ALL-APPS.
The application rule is now added to the list of application rules.