Application Control

The Application Control functionality of Sophos UTM on AWS allows you to shape and block network traffic based on the type of traffic. In contrast to the Web Filtering functionality of Sophos UTM on AWS (see chapter Web Filtering), the application control classification engine distinguishes network traffic not only by protocol or by URL but more fine-grained. This is especially useful regarding web traffic: traffic to websites normally uses the HTTP protocol on port 80 or the HTTPS protocol on port 443. When you want to block traffic to a certain website, e.g. facebook.com, you can do that either based on that website's URL (Web Filtering). Or you can block facebook traffic independent from any URL by relying on network traffic classification.

The classification engine of Sophos UTM on AWS uses layer 7 packet inspection to classify network traffic.

Application control can be used in two ways. In a first step, you need to generally enable application control on the Network Visibility page which makes applications "visible" in a way. Now you can leave it that way (or for a certain time) to see which applications are used by your users (e.g. in Flow Monitor, logging, reporting). In a second step, you can block certain applications and allow others. This is achieved by rules which can be created on the Application Control Rules page. Additionally, you can use traffic shaping to privilege traffic of defined applications which can be configured via the Quality of Service function of Sophos.