Blocking high-risk applications

To guard their networks against malware, many organizations need to control access to applications that are considered high risk. You can create policies to restrict traffic to all applications categorized as high risk. When the application signature database is updated, new applications are automatically added to application filters and firewall rules. For example, if a new signature is added for a high-risk application and there is already an application filter that blocks all high-risk applications, the new application will be blocked.

Objectives

When you complete this unit, you’ll know how to do the following:
  • Create an application filter policy to block traffic for high-risk applications.
  • Create a firewall rule and add the policy.

Create an application filter policy

Create an application filter policy that blocks all high-risk applications.

  1. Go to Applications > Application filter and click Add.
    The firewall creates a new blank policy. By default, the policy accepts all traffic. You specify rules after you save the policy.
  2. Enter a name.
    Option    Description
    Name      Block_High_Risk_Apps
  3. Click Save.
  4. In the list of application filters, locate the filter you just added and click .
  5. Click Add.
  6. Click Select All to include all applications returned by the filter criteria.
  7. From the Risk filter, select High and Very High, and click OK.
  8. Specify the settings.
    Option      Description
    Action      Deny
    Schedule    All the time
  9. Click Save to add the rule.
  10. Click Save to update the policy.

Create a firewall rule and apply the policy

The application filter policy takes effect when you add it to a firewall rule. In this case, the rule blocks access to all high-risk applications for all users.

  1. Go to Firewall and click + Add firewall rule > User/Network rule.
  2. Specify the settings.
    Option               Description
    Rule name            Block_High_Risk_Apps_Rule
    Source zones         Any
    Destination zones    Any
  3. Scroll to the Advanced section and select the Block_High_Risk_Apps policy.
  4. Click Save.