Created on 07-05-2016 03:18 PM
Edited on 06-18-2025 03:24 AM
By Jean-Philippe_P
Description
This article describes how to block a single application, or apply a specific action to it, using Duolingo as the example.
There are a lot of applications today, so it is necessary to know the different ways to limit access to applications that can affect the network or the performance of employees or co-workers.
FortiGate offers several ways to protect the network, all in one system.
Scope
This article covers different ways to block Duolingo; the same methods can be applied to other applications. Describing how to block other applications in different ways is outside the scope of this article.
Solution
Here are four methods to block the Duolingo web application.
Block by IP address.
First, find documentation that lists which IP addresses the application uses, or run a command such as nslookup to find the IP addresses, so that they can be blocked.
After that, create one address object for each IP address the application uses. In this example, there are about three.
Go to Policy & Object -> Object -> Addresses and create a new address. It is also possible to group all these addresses into one address group.
Then create a policy: go to Policy & Object -> Policy -> IPv4 and create a new one. Remember that the action must be set to block (Deny) and the destination address must be the address group created in the previous step.
The logs then show that the FortiGate has blocked the application for that IP.
Block by FQDN.
In some situations there are a lot of IP addresses, and the owner of the application can keep adding more, so it is very difficult to block per IP. In that case, it may be preferable to block per FQDN.
First, create the FQDN object. Go to Policy & Object -> Object -> Addresses and create a new address.
Then create a policy: go to Policy & Object -> Policy -> IPv4 and create a new one. Remember that the action must be set to block (Deny) and the destination address must be the address created before (it can also be a group).
The logs then show that the FortiGate has blocked the application for that IP.
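The two methods above (block by IP and block by FQDN) can also be expressed in the FortiOS CLI. The following is an added example, not part of the original article: the object names, the interface names "internal" and "wan1", the hostname www.duolingo.com and the documentation-range IP addresses are all assumptions to be replaced with real values, and the lines starting with # are annotations to strip before pasting.

```fortios
# Method 1: one address object per IP, collected in a group.
# The IPs below are constructed placeholders (documentation ranges).
config firewall address
    edit "duolingo-ip-1"
        set subnet 192.0.2.10 255.255.255.255
    next
    edit "duolingo-ip-2"
        set subnet 198.51.100.20 255.255.255.255
    next
end
config firewall addrgrp
    edit "duolingo-ips"
        set member "duolingo-ip-1" "duolingo-ip-2"
    next
end

# Method 2: a single FQDN object; the FortiGate resolves it and
# follows IP changes, so no per-IP maintenance is needed.
# The hostname is an assumption; confirm it with nslookup.
config firewall address
    edit "duolingo-fqdn"
        set type fqdn
        set fqdn "www.duolingo.com"
    next
end

# Deny policy. Use "duolingo-ips" as dstaddr for method 1
# or "duolingo-fqdn" for method 2.
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "duolingo-fqdn"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

The deny policy only takes effect if it sits above the general allow policy for the same interfaces, so check the policy order after creating it. The FortiGate resolves the FQDN object with its own DNS servers, so it should use the same resolver as the clients or the resolved addresses may differ.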
Block by Application Control.
Another possibility is to block by application; this is an easy way to block an application that is not desired in the network.
First, configure the profile: go to Security Profile -> Application Control and create a new sensor. See the images below:
Then create a policy: go to Policy & Object -> Policy -> IPv4 and create a new one. Remember that the action must be set to Accept; in the security profiles options, enable 'application control' and select the profile that was just created.
The logs then show that the FortiGate is blocking the application.
Block by Web filter (URL FILTER).
In other situations, it is possible to block web applications through a web filter. To do this, do the following:
First, configure the profile: go to Security profile -> Web filter and create a new profile. See the images below:
Then create a policy: go to Policy & Object -> Policy -> IPv4 and create a new one. Remember that the action must be set to Accept; in the security profiles options, enable 'Web Filter' and select the profile just created.
When trying to access the site, the block page is displayed.