In some cases, we want to block only one application or apply a specific action to it; if so, this KB is for you. It can also be helpful if you want to block an application like Duolingo.
There are many applications today, and we need to know different ways to limit access to those that can affect our network or the performance of our employees or co-workers.
With FortiGate we have different ways to protect our network (all in one system).
This KB describes different ways to block Duolingo that can also be applied to other applications; it is not in the scope of this KB to cover how to block different applications in different ways.
Here are four methods to block the Duolingo web application.
1) Block by IP address
First, we need to find documentation that lists which IPs the application uses so we can block them, or we can run commands like nslookup to find the IP addresses and then block them.
After that, we need to create as many objects as we need to cover all the IP addresses the application has. In this case, for example, we know about three.
Go to Policy & Object > Object > Addresses and then Create New. We can also group all these addresses into one address group.
Then we are going to create a policy: go to Policy & Object > Policy > IPv4 and then Create New. Remember that the action must be block and the destination address must be the address group that you created in the previous step.
Then you can see in the logs that the FortiGate has blocked your application by IP.
2) Block by FQDN
In some situations there are a lot of IP addresses, and the owner of the application can keep adding more, so it is very difficult to block by IP. In that case you may prefer to block by FQDN (this is another way to block).
The first thing you need to do is create your object (FQDN). Go to Policy & Object > Object > Addresses and then Create New.
Then we are going to create a policy: go to Policy & Object > Policy > IPv4 and then Create New. Remember that the action must be block and the destination address must be the address that we created before (it can also be a group).
Then you can see in the logs that the FortiGate has blocked your application by IP.
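The address objects from methods 1 and 2 can also be prepared as FortiOS CLI instead of being created one by one in the GUI. The following Python script is an added example, not part of the original KB: it extracts the IPv4 answers from nslookup output and emits the address objects plus one address group to use as the policy destination. The hostname, IP addresses and object names are constructed placeholders (assumptions), not the application's real values.

```python
import ipaddress
# Constructed nslookup output: hostname and addresses are placeholders (assumptions).
SAMPLE_NSLOOKUP = """\
Server:         192.0.2.53
Address:        192.0.2.53#53
Non-authoritative answer:
Name:   app.example.com
Address: 198.51.100.20
Name:   app.example.com
Address: 198.51.100.7
Name:   app.example.com
Address: 198.51.100.20
Name:   app.example.com
Address: 2001:db8::7
"""

def answer_ipv4(nslookup_text):
    """Unique sorted IPv4 answers; text before the first "Name:" is the resolver."""
    _, _, answers = nslookup_text.partition("Name:")
    ips = set()
    for token in answers.split():
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue  # hostnames and labels are not addresses
        if ip.version == 4:  # the policy in this KB is IPv4
            ips.add(ip)
    return sorted(ips)

def fortios_block_objects(app, ips, fqdn=None):
    """FortiOS CLI: one /32 object per IP, an optional FQDN object, one group."""
    lines, members = ["config firewall address"], []
    for n, ip in enumerate(ips, 1):
        members.append(f"{app}-ip-{n}")  # hypothetical object naming scheme
        lines += [f'    edit "{members[-1]}"',
                  f"        set subnet {ip} 255.255.255.255", "    next"]
    if fqdn:
        members.append(f"{app}-fqdn")
        lines += [f'    edit "{members[-1]}"', "        set type fqdn",
                  f'        set fqdn "{fqdn}"', "    next"]
    if not members:
        raise ValueError("no addresses resolved; refusing to emit an empty group")
    quoted = " ".join(f'"{m}"' for m in members)
    lines += ["end", "config firewall addrgrp", f'    edit "{app}-blocked"',
              f"        set member {quoted}", "    next", "end"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(fortios_block_objects("app", answer_ipv4(SAMPLE_NSLOOKUP), "app.example.com"))
```

Re-running the lookup periodically and comparing the result with the existing objects shows when the application has added addresses, which is the weakness of method 1 that method 2 addresses.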
3) Block by Application Control
Another possibility is to block by application, which is an easy way to block an application that you do not want in your network.
First you need to configure your profile: go to Security Profiles > Application Control and create a new sensor, as shown in the images below:
Then we are going to create a policy: go to Policy & Object > Policy > IPv4 and then Create New. Remember that the action must be accept; in the security profiles options, enable "Application Control" and select the profile that you just created.
Then you can see in the logs that the application was blocked.
4) Block by Web Filter (URL filter)
In other situations we can block a web application through the web filter. To do this, do the following:
First you need to configure your profile: go to Security Profiles > Web Filter and create a new profile, as shown in the images below:
Then we are going to create a policy: go to Policy & Object > Policy > IPv4 and then Create New. Remember that the action must be accept; in the security profiles options, enable "Web Filter" and select the profile that you just created.
If we try to access the application, we see the block page.
Copyright 2023 Fortinet, Inc. All Rights Reserved.