Fortinet black logo

SIA Agent-based Deployment Guide

Home FortiSASE SIA Agent-based Deployment Guide

Configuring Application Control

Copy Link
Copy Doc ID 1947280d-c519-11ee-8c42-fa163e15d75b:568255
Download PDF

Configuring Application Control

Applying Application control allows you to allow and block applications by category. FortiSASE can recognize network traffic generated by a large number of applications. Application control uses IPS protocol decoders that can analyze network traffic to detect application traffic, even if the traffic uses non-standard ports or protocols. Application control supports traffic detection using the HTTP protocol (versions 1.0, 1.1, and 2.0).

Cloud applications can only be detected by FortiSASE when SSL deep inspection is enabled. Cloud application signatures are indicated by the cloud icon next to the category.

When viewing cloud signatures within a category in more detail and selecting a specific cloud signature, the SSL deep inspection requirement is indicated by the lock icon within the tooltip window that appears. The screenshot shows that the Facebook Chat cloud application within the Social Media category requires SSL deep inspection to be detected by FortiSASE Application Control.

In this example configuration, the Video/Audio category is allowed, but YouTube related applications are overridden and blocked.

To configure application control:
  1. Go to Configuration > Security.
  2. Enable Application Control.
  3. In the Application Control widget, click Customize.
  4. The Application Control pane displays the application categories. You can configure one of the following actions for each category:

    Type

    Description

    Allow

    Passes the traffic to the web filters, antivirus inspection engine, and DLP inspection engine.

    Monitor

    Processes the traffic the same way as the Allow action. For the Monitor action, FortiSASE generates a log message each time it establishes a matching traffic pattern.

    Block

    Denies or blocks attempts to access any application that belongs to the category. A replacement message displays.

  5. In Application Overrides, you can configure actions for individual applications, overriding the action configured for their category. Click Create. Select the desired action from the dropdown list in the upper left corner, select the desired applications, then click OK. You can search for the desired applications, and filter the list to show only cloud applications. The Application Overrides pane denotes cloud applications with a cloud icon, such as for the YouTube_Category.Control application in the following screenshot. The following example allows the Video/Audio category, and blocks YouTube.

  6. Click OK.
Previous
Next

Configuring Application Control

Applying Application control allows you to allow and block applications by category. FortiSASE can recognize network traffic generated by a large number of applications. Application control uses IPS protocol decoders that can analyze network traffic to detect application traffic, even if the traffic uses non-standard ports or protocols. Application control supports traffic detection using the HTTP protocol (versions 1.0, 1.1, and 2.0).

Cloud applications can only be detected by FortiSASE when SSL deep inspection is enabled. Cloud application signatures are indicated by the cloud icon next to the category.

When viewing cloud signatures within a category in more detail and selecting a specific cloud signature, the SSL deep inspection requirement is indicated by the lock icon within the tooltip window that appears. The screenshot shows that the Facebook Chat cloud application within the Social Media category requires SSL deep inspection to be detected by FortiSASE Application Control.

In this example configuration, the Video/Audio category is allowed, but YouTube related applications are overridden and blocked.

To configure application control:
  1. Go to Configuration > Security.
  2. Enable Application Control.
  3. In the Application Control widget, click Customize.
  4. The Application Control pane displays the application categories. You can configure one of the following actions for each category:

    Type

    Description

    Allow

    Passes the traffic to the web filters, antivirus inspection engine, and DLP inspection engine.

    Monitor

    Processes the traffic the same way as the Allow action. For the Monitor action, FortiSASE generates a log message each time it establishes a matching traffic pattern.

    Block

    Denies or blocks attempts to access any application that belongs to the category. A replacement message displays.

  5. In Application Overrides, you can configure actions for individual applications, overriding the action configured for their category. Click Create. Select the desired action from the dropdown list in the upper left corner, select the desired applications, then click OK. You can search for the desired applications, and filter the list to show only cloud applications. The Application Overrides pane denotes cloud applications with a cloud icon, such as for the YouTube_Category.Control application in the following screenshot. The following example allows the Video/Audio category, and blocks YouTube.

  6. Click OK.
Previous
Next