evejar
Staff
Article Id 194492
Description

In some cases, we want to block only one application or apply a specific action to it; this KB is for that situation. It can also be helpful if you want to block an application like Duolingo.

There are also many applications in use today, and we need to know the different ways to limit access to those that can affect our network or the performance of our employees or co-workers.

With FortiGate we have different ways to protect our network (all in one system).


Scope

This KB covers different ways to block Duolingo, which can also be applied to other applications. It is not in the scope of this KB to talk about how to block different applications in different ways.


Solution

Here are four methods to block the Duolingo web application.

     1) Block by IP address

First, we need to find documentation that lists the IP addresses the application uses so we can block them, or we can run commands like nslookup to find the IP addresses and then block them.

EV1.png

After that, we need to create as many address objects as needed to cover all the IP addresses the application has. In this case, for example, we know about three.

Go to Policy & Objects > Objects > Addresses and select Create New. We can also group all these addresses into one address group.

EV2.png

Then we create a policy: go to Policy & Objects > Policy > IPv4 and select Create New. Remember that the action must be block and the destination address must be the address group that you created in the previous step.

EV3.png

Then you can see in the logs that the FortiGate has blocked your application by IP.

EV4.png

EV5.png

     2) Block by FQDN

In some situations there are many IP addresses, and the owner of the application can keep adding more, so it is very difficult to block by IP. In that case you may prefer to block by FQDN (this is another way to block).

The first thing you need to do is create your FQDN address object. Go to Policy & Objects > Objects > Addresses and select Create New.

EV6.png

Then we create a policy: go to Policy & Objects > Policy > IPv4 and select Create New. Remember that the action must be block and the destination address must be the address that we created before (it can also be a group).

EV7.png

Then you can see in the logs that the FortiGate has blocked your application by IP.

EV8.png 
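The address objects, address group and blocking policy from methods 1 and 2 can also be produced as FortiOS CLI configuration. The generator below is an added example, not part of the original article; the interface names `internal` and `wan1`, the object names, the documentation-range IP addresses and the FQDN `app.example.com` are assumptions.

```python
import ipaddress

def fortios_block_config(app, ips=(), fqdn=None, srcintf="internal", dstintf="wan1"):
    """Return FortiOS CLI text that denies traffic to an application's addresses.

    ips  -> method 1: one /32 address object per unique IPv4 address
    fqdn -> method 2: one FQDN address object that the FortiGate resolves itself
    """
    # Validate and de-duplicate; a malformed address raises ValueError.
    hosts = sorted({ipaddress.IPv4Address(ip) for ip in ips})
    if not hosts and not fqdn:
        raise ValueError("need at least one IP address or an FQDN")
    if fqdn and any(c in fqdn for c in ' "\n'):
        raise ValueError("FQDN must not contain spaces or quotes")

    members, out = [], ["config firewall address"]
    for n, host in enumerate(hosts, 1):
        members.append(f"{app}-ip-{n}")
        out += [f'    edit "{members[-1]}"',
                f"        set subnet {host} 255.255.255.255", "    next"]
    if fqdn:
        members.append(f"{app}-fqdn")
        out += [f'    edit "{members[-1]}"', "        set type fqdn",
                f'        set fqdn "{fqdn}"', "    next"]
    out.append("end")

    # Group the objects so the policy references a single destination.
    group = f"{app}-blocked"
    out += ["config firewall addrgrp", f'    edit "{group}"',
            "        set member " + " ".join(f'"{m}"' for m in members),
            "    next", "end"]

    # "edit 0" asks FortiOS to assign the next free policy ID.
    out += ["config firewall policy", "    edit 0",
            f'        set srcintf "{srcintf}"', f'        set dstintf "{dstintf}"',
            '        set srcaddr "all"', f'        set dstaddr "{group}"',
            "        set action deny", '        set schedule "always"',
            '        set service "ALL"', "        set logtraffic all",
            "    next", "end"]
    return "\n".join(out)

if __name__ == "__main__":
    # Constructed sample input: documentation-range IPs, placeholder FQDN.
    print(fortios_block_config("duolingo", ["203.0.113.10", "198.51.100.7"]))
    print(fortios_block_config("duolingo", fqdn="app.example.com"))
```

Policies are matched from the top of the list, so after pasting the output, move the new deny policy above any broader accept policy.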

     3) Block by Application Control

Another possibility is to block by application, which is an easy way to block an application that you do not want in your network.

First you need to configure your profile: go to Security Profiles > Application Control and create a new sensor. See the image below:

EV9.png

Then we create a policy: go to Policy & Objects > Policy > IPv4 and select Create New. Remember that the action must be accept; in the security profiles options, enable “Application Control” and select the profile that you just created.

EV10.png


Then you can see in the logs that the application was blocked.

EV11.png 

     4) Block by Web Filter (URL filter)

In other situations we can block a web application through the web filter. To do this, do the following:

First you need to configure your profile: go to Security Profiles > Web Filter and create a new profile. See the image below:

EV12.png

Then we create a policy: go to Policy & Objects > Policy > IPv4 and select Create New. Remember that the action must be accept; in the security profiles options, enable “Web Filter” and select the profile that you just created.

EV13.png


If we try to access the application, we see the block page.

EV14.png

