Using the Application Control Security Profiles feature, your FortiProxy unit can detect and take action against network traffic depending on the application generating the traffic. Based on FortiProxy Intrusion Protection protocol decoders, application control is a user-friendly and powerful way to use Intrusion Protection features to log and manage the behavior of application traffic passing through the FortiProxy unit. Application control uses IPS protocol decoders that can analyze network traffic to detect application traffic even if the traffic uses nonstandard ports or protocols. Application control supports detection for traffic using HTTP protocol (versions 1.0, 1.1, and 2.0).
The FortiProxy unit can recognize the network traffic generated by a large number of applications. You can create application control sensors that specify the action to take with the traffic of the applications you need to manage and the network on which they are active, and then add application control sensors to the firewall policies that control the network traffic you need to monitor.
Fortinet is constantly adding to the list of applications detected through maintenance of the FortiGuard Application Control Database. This database is part of the FortiGuard Intrusion Protection System Database because intrusion protection protocol decoders are used for application control and both of these databases have the same version number.
You can see the complete list of applications supported by FortiGuard Application Control on the FortiGuard site or https://fortiguard.com/appcontrol. This web page lists all of the supported applications. You can select any application name to see details about the application.
To configure an application sensor, go to Security Profiles > Application Control. The Edit Application Sensor page is displayed.
Configure the following settings and then select Apply to save your changes:
Name | The name of the application sensor. | |
View Application Signatures | Select to see a list of predefined application signatures. To create a new application signature, see Application signatures. | |
Comments | Optional description of the application sensor. | |
Categories |
Select an action for All Categories or for each category of applications:
|
|
Application Overrides | Application overrides allow you to choose individual applications. To add signatures for an application override, see Application overrides. | |
Filter Overrides | Filter overrides allow you to select groups of applications and override the application signature settings for them. To add filters for a filter override, see Filter overrides. | |
Allow and Log DNS Traffic | Enable to allow DNS traffic. | |
QUIC | Select Allow if you want the FortiProxy unit to inspect Google Chrome packets for a QUIC header. Select Block to force Google Chrome to use HTTP2/TLS 1.2. | |
Replacement Messages for HTTP-based Applications | Enable to display replacement messages for HTTP-based applications. |
The application sensor list can be viewed by selecting the List icon (the farthest right of the three icons in the upper right of the window; it resembles a page with some lines on it) in the Edit Application Sensor page toolbar.
Right-click on any column heading to select which columns are displayed or to reset all the columns to their default settings. You can also drag column headings to change their order.
The following options are available:
Create New | Create a new application sensor. See To create a new application sensor:. |
Edit | Modify the selected application sensor. See To edit an application sensor:. |
Clone | Make a copy of the selected application sensor. See To clone an application sensor:. |
Delete | Remove the selected application sensor. See To delete an application sensor:. |
Search | Enter a search term to search the application sensor list. |
Name | The name of the application sensor. |
Comments | An optional description of the application sensor. |
Ref. | Displays the number of times the object is referenced to other objects. To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object. |
Application sensors can be added, edited, cloned, and deleted as required.
If you have to detect an application that is not already in the application list, you can create a new application signature:
Signatures for application overrides can be added, edited, and deleted as required.
Filters for filter overrides can be added, edited, and deleted as required.