Block high-risk applications
You can create policies to block traffic to high-risk applications. New applications are automatically added to application filters and firewall rules when the application signature database is updated. For example, if a new signature is added for a high-risk application that has an application filter to block these applications, Sophos Firewall also blocks the application based on the new signature.
Objectives
When you complete this unit, you'll know how to do the following:
- Create an application filter policy to block traffic for high-risk applications.
- Create a firewall rule and add the policy.
Create an application filter policy
Create an application filter policy that blocks all high-risk applications.
- Go to Applications > Application filter and click Add. The firewall creates a new blank policy. By default, the policy accepts all traffic. You specify rules after you save the policy.
-
Enter a name.
Name Description Name Block_High_Risk_Apps -
Click Save.
-
In the list of application filters, locate the filter you just added and click Edit .
-
Click Add.
-
Click Select All to include all applications returned by the filter criteria.
-
From the Risk filter, select High and Very High, and click OK.
-
Specify the settings.
Name Description Action Deny Schedule All the time -
Click Save to add the rule.
- Click Save to update the policy.
Create a firewall rule and apply the policy
The application filter policy takes effect when you add it to a firewall rule. In this case, the rule blocks access to all high-risk applications for all users.