Skip to content

Block high-risk applications

You can create policies to block traffic to high-risk applications. New applications are automatically added to application filters and firewall rules when the application signature database is updated. For example, if a new signature is added for a high-risk application that has an application filter to block these applications, Sophos Firewall also blocks the application based on the new signature.

Objectives

When you complete this unit, you'll know how to do the following:

  • Create an application filter policy to block traffic for high-risk applications.
  • Create a firewall rule and add the policy.

Create an application filter policy

Create an application filter policy that blocks all high-risk applications.

  1. Go to Applications > Application filter and click Add. The firewall creates a new blank policy. By default, the policy accepts all traffic. You specify rules after you save the policy.
  2. Enter a name.

    Name Description
    Name Block_High_Risk_Apps
  3. Click Save.

  4. In the list of application filters, locate the filter you just added and click Edit Edit button.

    Edit application filter

  5. Click Add.

    Add button for application filter rules

  6. Click Select All to include all applications returned by the filter criteria.

  7. From the Risk filter, select High and Very High, and click OK.

    Select filters

  8. Specify the settings.

    Name Description
    Action Deny
    Schedule All the time
  9. Click Save to add the rule.

  10. Click Save to update the policy.

Create a firewall rule and apply the policy

The application filter policy takes effect when you add it to a firewall rule. In this case, the rule blocks access to all high-risk applications for all users.

  1. Go to Rules and policies > Firewall rules, select IPv4 or IPv6, and click Add firewall rule.
  2. Specify the settings.

    Name Description
    Rule name Block_High_Risk_Apps_Rule
    Source zones Any
    Destination zones Any
  3. Scroll to the Advanced section and select the Block_High_Risk_Apps policy.

    Select an application filter policy in a firewall rule

  4. Click Save.