Hi,
I am trying to block specific applications example TeamViewer . I don't want anyone to access our network from outside or even using TeamViewer inside the network.
Also the are lots of other users who have admin access to their computers , so I cannot prevent them from downloading anything but i want to be able to prevent them from executing the install file example WireShark.
I have tried reading on the forum but the documents does not match exactly what i want.
The firmware version for my FortiGate 100F is v6.4.9 build1966(GA)
Thanks
Tazio
This will be highly dependent on what exact application you have in mind. Here are a couple options, in no particular order:
1, Deny policy targetting ISDB destinations
A well-known app with known IP:port lists can be blocked by an explicity DENY policy with the destination set to the ISDB entry relevant to the application. E.g. TeamViewer-TeamViewer.
2, Application Control signature blocking
Well-known applications may also have pre-made signatures. Those can be set to block in an Application Control UTM profile, which you can then apply to your internet-access firewall policies.
3, If the app is HTTPS/DNS dependent (must resolve some FQDN to function, or uses standard HTTPS for communication), you may be able to get away with simply blocking the relevant FQDNs with DNS filter or webfilter. (e.g. add static URL filter entries with block action)
4, For custom/less known apps: If you're crafty enough and have some knowledge of the application's protocol(s), you may be able to create your own custom IPS signature to block the application with Application Control. Documentation here
5, Alternatively, if the signature doesn't exist yet and you think other users would benefit from it being made, you can submit a request for a new AppControl signature here.
Note: With signature-based blocking, you may or may not need to utilise deep packet inspection (HTTPS/TLS decryption).
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.