FortiGate
vjoshi_FTNT
Staff
Article Id 197319

Description

 

This article shows how to set up application control on v5.2. It gives an example showing how to block a specific application and allow all other applications.
 
Scope
 
FortiGate.


Solution

In this example, the GUI is used to block just the Apple Store.

  1. Under Security Profiles -> Application Control, select the ‘+’ icon in the extreme right corner to create a new application control list; alternatively, the existing default list can be used. In this example, a new application control list named ‘Block Apple Store’ is created.
  2. Under Application Overrides, select ‘Add Signatures’ and search for the name of the application that is to be blocked.

 

vjoshi_100111_tn_100111-1.jpg

 

  3. Select the required application and set the required action (in this case, it is block, but this section can be used to override the action set on each category).
 
vjoshi_100111_tn_100111-2.jpg

 

  4. Under Policy & Objects -> Policy -> IPv4, set the source and destination interfaces, along with the source and destination subnets as needed.
  5. Enable UTMs and select the Application Control profile created earlier from the list.
  6. As a next step, ‘SSL/SSH Inspection’ can be left at the default; deep-inspection can be used if HTTPS traffic is to be inspected as well.
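
The same configuration expressed as FortiOS CLI, as an added example that is not part of the original article. The signature ID placeholder, the interface names `port1`/`port2`, the `all` address objects and the `certificate-inspection` profile name are assumptions to replace with the values of the actual deployment.

```fortios
# Lines starting with '#' are annotations for the reader; remove them before pasting.

# Application control list with a single override entry set to block.
config application list
    edit "Block Apple Store"
        config entries
            edit 1
                # Placeholder: numeric ID of the Apple Store signature.
                set application <APPLE_STORE_SIGNATURE_ID>
                set action block
            next
        end
    next
end

# IPv4 policy that applies the list. "edit 0" creates a new policy
# with the next free policy ID.
config firewall policy
    edit 0
        # Assumed interface names and address objects.
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        # Enable security profiles on the policy and attach the list.
        set utm-status enable
        set application-list "Block Apple Store"
        # Assumed profile name; use "deep-inspection" instead if HTTPS
        # traffic is to be inspected as well.
        set ssl-ssh-profile "certificate-inspection"
    next
end
```

After applying it, `show application list "Block Apple Store"` and `show firewall policy` display the resulting objects for comparison with the GUI.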
 
Note:
On newer versions, the Application Control view has changed. On v7.4.8, for example, the security profile looks like this:
 
Application_Control.PNG

 

Selecting a signature entry to Block:
 
Application_Control_Apple.PNG

 

The entry will look as follows:
 
Application_Control_Apple_Entry.PNG

 

This profile is applied to the firewall policy:
 
Firewall_Policy_AppControl.PNG