On the Web Protection > Application Control > Application Control Rules page you can create rules based on network traffic classification which define applications whose traffic should be blocked or explicitly allowed for your network.
By default, all network traffic is allowed when application control is enabled.
Application control rules can be created either via this page or via the Flow Monitor. The latter method may be more convenient, however you can only create rules for traffic currently monitored in your network.
To create an application control rule, proceed as follows:
On the Application Control Rules tab, click New Rule.
The Add Rule dialog box opens.
Make the following settings:
Name (optional): You can enter a name for the rule. If you leave the field empty the system is going to generate a name for the rule.
Group: The Group option is useful to group rules logically. With the drop-down list on top of the list you can filter the rules by their group. Grouping is only used for display purposes, it does not affect rule matching. To create a new group select the << New group >> entry and enter a descriptive name in the Name field.
Position: The position number, defining the priority of the rule. Lower numbers have higher priority. Rules are matched in ascending order. Once a rule has matched, rules with a higher number will not be evaluated anymore.
Action: Select whether the traffic is to be blocked or allowed.
Control by: Select whether to control traffic based on its application type or by a dynamic filter based on categories.
- Applications: The traffic is controlled application-based. Select one or more applications in the box Control These Applications.
- Dynamic filter: The traffic is controlled category-based. Select one or more categories in the box Control These Categories.
Control these applications/categories: Click the Folder icon to select applications/categories. A dialog window opens, which is described in detail in the next section.
Note – Some applications cannot be blocked. This is necessary to ensure a flawless operation of Sophos UTM on AWS. Such applications miss a checkbox in the application table of the Select Application dialog window, e.g. WebAdmin, Teredo and SixXs (for IPv6 traffic), Portal (for User Portal traffic), and some more. When using dynamic filters, blocking of those applications is also prevented automatically.
Productivity (only with Dynamic filter): Reflects the productivity score you have chosen.
Risk (only with Dynamic filter: Reflects the risk score you have chosen.
For: Select or add networks or hosts to this box whose network traffic is to be controlled by this rule. This applies only to source hosts/networks. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.
Log: This option is selected by default and enables logging of traffic which matches the rule.
Comment (optional): Add a description or other information.
The new rule appears on the Application Control Rules list.
When creating application control rules you need to choose applications or application categories from a dialog window called Select one or more applications/categories to control.
The table in the lower part of the dialog window displays the applications you can choose from or which belong to a defined category. By default, all applications are displayed.
The upper part of the dialog window provides three configuration options to limit the number of applications in the table:
- Category: Applications are grouped by category. This list contains all available categories. By default, all categories are selected, which means that the table below displays all applications available. If you want to limit the displayed applications to certain categories, click into the category list and select only one or more categories relevant to you.
- Productivity: Applications are also classified by their productivity impact which means how much they influence productivity. Example: Salesforce, a typical business software, has the score 5 which means its usage adds to productivity. On the contrary, Farmville, an online game, has the score 1 which means its usage is counterproductive. The network service DNS has the score 3 which means its productivity impact is neutral.
- Risk: Applications are also classified by the risk they carry when used with regard to malware, virus infections, or attacks. A higher number means a higher risk.
Tip – Each application has an Info icon which, when clicked, displays a description of the respective application. You can search the table by using the filter field in the table header.
Now, depending on the type of control you selected in the Create New Rule dialog box, do the following:
- Control by dynamic filter: Select the categories from the Category box and click Apply to adopt the selected categories to your rule.
- Control by application: From the table, select the applications you want to control by clicking the checkbox in front. Click Apply to adopt the selected applications to your rule.