Let's add a policy by applying application filters. We will consider filtering on Urls or websites that run applications that understand the actions of unproductiveness or security risk. Let's see the list of applications that we can filter in the localized Services - Application Control profiles, in Applications click on [], this panel aims to identify cloud applications that fit this type of classification.


Application ControlAdd application


List of applications identified as unproductive or security risk.

  • Baidu Movies;
  • CDNContent Delivery Network (messengers);
  • Dropbox;
  • Facebook (all);
  • Google Drive;
  • Google Drive Upload;
  • Google Mail;
  • Google Photos / Google + Photos;
  • One Drive;
  • Skype Call Start;
  • Skype Call End.


Below is a summary of what will be configured in the rule:


  • [Properties]: WEB – APP Block, Action: Allow; TAG = Block;
  • [Conditions]: Zone = LAN, Authenticated;
  • [Inspection]: SSL Inspection, Application Control and Web Filter;
  • [Routing]: No controls.


To add a security policy, in the action menu [], click on the option “Create Policy” ;


IPv4 - Actions Menu - Create Policy


Configure each tab according to the settings shown below.

 

Properties


In the [Properties] tab, in Name, name it as: “WEB - APP Block”;

In Description type “WEB - APP Block”;

In Action leave the option "Allow", you will make the block through the profiles of Web Filter and Application Control;

In Policy Group select “Web Filter”;

In Tags type “Block”;

Select the Traffic Logging[] checkbox.


You will have arrived at the result illustrated by the image below:


Create Policy – Ex. 3 – Properties


Select the next tab, [Conditions].


Conditions


In the [Conditions] tab, in Network Zone select the option: “LAN”;

In Identification select the checkbox Authenticated[];

You will have arrived at the result illustrated by the image below:


Create Policy – Ex. 3 – Conditions


Select the next tab, [Inspection].


Inspection


On the [Inspection] tab, check the SSL Inspection[] checkbox and add a profile that inspects HTTPS (For more information, check this page); 

Select the Application Control[] checkbox and select the profile related to all unproductive or risky application categories (For more information, check this page);

Select the Web Filter[] checkbox and select the profile related to the unproductivity or risk categories (For more information, check this page);

You will have arrived at the result illustrated by the image below:


Create Policy – Ex. 3 – Inspection


Select the next tab, [Routing].


Routing


In the [Routing] tab, no control will be activated, as exemplified by the following image:


Create Policy – Ex. 3 – Routing


After configuring each tab according to the definition of the applied policy, click on [].


Policy Saved Successfully


The screen shown in the following image will be displayed:


Create PolicyWEB - APP Block


After saving, for the policy to take effect it will be necessary to access the command queue [] and apply the changes made. For more information on the command queue access the page: UTM - Command queue.


After performing these procedures, the policy will have been successfully configured.


In example 3 we defined and added a “categories and apps” blocking policy for inappropriate or unproductive content.

  • No labels