
How to block specific application


I am trying to block specific applications, for example TeamViewer. I don't want anyone to access our network from outside or even use TeamViewer inside the network.

Also, there are lots of other users who have admin access to their computers, so I cannot prevent them from downloading anything, but I want to be able to prevent them from executing the install file, for example Wireshark.

I have tried reading on the forum but the documents do not match exactly what I want.

The firmware version for my FortiGate 100F is v6.4.9 build1966(GA)






This will be highly dependent on what exact application you have in mind. Here are a couple options, in no particular order:


1, Deny policy targeting ISDB destinations
A well-known app with known IP:port lists can be blocked by an explicit DENY policy with the destination set to the ISDB entry relevant to the application. E.g. TeamViewer-TeamViewer.



2, Application Control signature blocking

Well-known applications may also have pre-made signatures. Those can be set to block in an Application Control UTM profile, which you can then apply to your internet-access firewall policies.



3, If the app is HTTPS/DNS dependent (must resolve some FQDN to function, or uses standard HTTPS for communication), you may be able to get away with simply blocking the relevant FQDNs with DNS filter or webfilter. (e.g. add static URL filter entries with block action)


4, For custom/less known apps: If you're crafty enough and have some knowledge of the application's protocol(s), you may be able to create your own custom IPS signature to block the application with Application Control. Documentation here


5, Alternatively, if the signature doesn't exist yet and you think other users would benefit from it being made, you can submit a request for a new AppControl signature here.


Note: With signature-based blocking, you may or may not need to utilise deep packet inspection (HTTPS/TLS decryption).

[ corrections always welcome ]
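
Option 1 from the answer above, written out as FortiOS CLI. This is an added example, not part of the original answer; the interface names `lan` and `wan1` and the policy name are assumptions, and the ISDB entry name is the one quoted in the answer.

```text
# Added example (FortiOS CLI). Assumed: source interface "lan",
# outbound interface "wan1", policy name "deny-teamviewer-isdb".
config firewall policy
    # "edit 0" lets the FortiGate pick the next free policy ID
    edit 0
        set name "deny-teamviewer-isdb"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        # Use an Internet Service Database entry as the destination
        # instead of dstaddr/service
        set internet-service enable
        set internet-service-name "TeamViewer-TeamViewer"
        set schedule "always"
        set action deny
        # Log denied sessions so blocked attempts show up in traffic logs
        set logtraffic all
    next
end

# Policies are evaluated top-down, so the deny policy has to sit above
# the general internet-access policy. Replace the placeholders with the
# real policy IDs shown by "show firewall policy":
#
# config firewall policy
#     move <deny_policy_id> before <allow_policy_id>
# end
```

This covers only traffic towards the destinations in the ISDB entry; it does nothing about a user running an installer locally, which is outside what a firewall policy can see.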