Application control

Using the Application Control Security Profiles feature, your FortiProxy unit can detect and take action against network traffic depending on the application generating the traffic. Based on FortiProxy Intrusion Protection protocol decoders, application control is a user-friendly and powerful way to use Intrusion Protection features to log and manage the behavior of application traffic passing through the FortiProxy unit. Application control uses IPS protocol decoders that can analyze network traffic to detect application traffic even if the traffic uses nonstandard ports or protocols. Application control supports detection for traffic using the HTTP protocol (versions 1.0, 1.1, and 2.0).

The FortiProxy unit can recognize the network traffic generated by a large number of applications. You can create application control sensors that specify the action to take with the traffic of the applications you need to manage and the network on which they are active, and then add application control sensors to the firewall policies that control the network traffic you need to monitor.

Fortinet is constantly adding to the list of detected applications by maintaining the FortiGuard Application Control Database. This database is part of the FortiGuard Intrusion Protection System Database because intrusion protection protocol decoders are used for application control, and the two databases have the same version number.

You can see the complete list of applications supported by FortiGuard Application Control on the FortiGuard site or at https://fortiguard.com/appcontrol. On that web page, you can select any application name to see details about the application.

To configure an application sensor, go to Security Profiles > Application Control. The Edit Application Sensor page is displayed.

Configure the following settings and then select Apply to save your changes:

Name: The name of the application sensor.
View Application Signatures: Select to see a list of predefined application signatures. To create a new application signature, see Application signatures.
Comments: Optional description of the application sensor.
Categories: Select an action for All Categories or for each category of applications:
  • Monitor—This action allows the targeted traffic to continue on through the FortiProxy unit but logs the traffic for analysis.
  • Allow—This action allows the targeted traffic to continue on through the FortiProxy unit.
  • Block—This action prevents all traffic from reaching the application and logs all occurrences.
  • Quarantine—This action allows you to quarantine or block access to an application for a specified duration that can be entered in days, hours, and minutes. The default is 5 minutes.
  You can also select View Signatures or View Cloud Signatures to see a list of signatures for that category.
Application Overrides: Application overrides allow you to choose individual applications. To add signatures for an application override, see Application overrides.
Filter Overrides: Filter overrides allow you to select groups of applications and override the application signature settings for them. To add filters for a filter override, see Filter overrides.
Allow and Log DNS Traffic: Enable to allow DNS traffic.
QUIC: Select Allow if you want the FortiProxy unit to inspect Google Chrome packets for a QUIC header. Select Block to force Google Chrome to use HTTP2/TLS 1.2.
Replacement Messages for HTTP-based Applications: Enable to display replacement messages for HTTP-based applications.

Application sensor list

The application sensor list can be viewed by selecting the List icon (the farthest right of the three icons in the upper right of the window; it resembles a page with some lines on it) in the Edit Application Sensor page toolbar.

Right-click on any column heading to select which columns are displayed or to reset all the columns to their default settings. You can also drag column headings to change their order.

The following options are available:

Create New: Create a new application sensor. See "To create a new application sensor".
Edit: Modify the selected application sensor. See "To edit an application sensor".
Clone: Make a copy of the selected application sensor. See "To clone an application sensor".
Delete: Remove the selected application sensor. See "To delete an application sensor".
Search: Enter a search term to search the application sensor list.
Name: The name of the application sensor.
Comments: An optional description of the application sensor.
Ref.: Displays the number of times the object is referenced by other objects.

To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object.

Application sensors can be added, edited, cloned, and deleted as required.

To create a new application sensor:
  1. From the application sensor list, select Create New.
  2. Enter the required information and then select Apply to create the application sensor.
To edit an application sensor:
  1. From the application sensor list, select the sensor that you need to edit and then select Edit from the toolbar or double-click on the sensor name in the list.
    The Edit Application Sensor window opens.
  2. Edit the information as required and then select Apply to save your changes.
To clone an application sensor:
  1. From the application sensor list, select the sensor to copy.
  2. Select Clone from the toolbar.
  3. Enter a name for the cloned sensor in the dialog box and then select OK.
    The application sensor list opens with the clone added.
  4. Edit the clone as needed.
To delete an application sensor:
  1. From the application sensor list, select the sensor or sensors that you want to delete.
  2. Select Delete from the toolbar.
  3. Select OK in the confirmation dialog box to delete the selected sensor or sensors.

Application signatures

If you have to detect an application that is not already in the application list, you can create a new application signature:

  1. Go to Security Profiles > Application Control.
  2. Select the link in the upper right corner, [View Application Signatures].
  3. Select Create New.
  4. Enter a name (no spaces) for the application signature in the Name field.
  5. Enter a brief description in the Comments field.
  6. Enter the text for the signature in the Signature field. The syntax for signatures is described in Custom signatures.
  7. Select OK.

Application overrides

Signatures for application overrides can be added, edited, and deleted as required.

To add predefined signatures:
  1. Go to Security Profiles > Application Control.
  2. In the Application Overrides section, select Add Signatures.
  3. Use the Add Filter search field to narrow down the list of possible signatures by a series of attributes.
  4. Select Use Selected Signatures.
To edit a predefined signature:
  1. Go to Security Profiles > Application Control.
  2. In the Application Overrides section, select the signature to edit and then select Edit Parameters from the toolbar. NOTE: You can only edit signatures that have parameters.
  3. Edit the information as required and then select OK to apply your changes.
To delete a predefined signature or signatures:
  1. Go to Security Profiles > Application Control.
  2. In the Application Overrides section, select the signature or signatures to delete.
  3. Select Delete from the toolbar.

Filter overrides

Filters for filter overrides can be added, edited, and deleted as required.

To create a new filter:
  1. Go to Security Profiles > Application Control.
  2. In the Filter Overrides section, select Add Filter.
  3. Use the Add Filter search field to narrow down the list of possible signatures by a series of attributes.
  4. Select Use Filters.
To edit a filter:
  1. Go to Security Profiles > Application Control.
  2. In the Filter Overrides section, select the filter you want to edit and then select Edit from the toolbar.
    The Edit Filter Overrides window opens.
  3. Edit the information as required and then select Save Filters to apply your changes.
To delete a filter or filters:
  1. Go to Security Profiles > Application Control.
  2. In the Filter Overrides section, select the filter or filters that you want to delete.
  3. Select Delete from the toolbar.