On the Web Protection > Application Control > Application Control Rules page you can create rules based on network traffic classification which define applications whose traffic should be blocked or explicitly allowed for your network.
By default, all network traffic is allowed when application control is enabled.
Application control rules can be created either via this page or via the Flow Monitor. The latter method may be more convenient, however you can only create rules for traffic currently monitored in your network.
To create an application control rule, proceed as follows:
On the Application Control Rules tab, click New Rule.
The Add Rule dialog box opens.
Make the following settings:
Name (optional): You can enter a name for the rule. If you leave the field empty the system is going to generate a name for the rule.
Group: The Group option is useful to group rules logically. With the drop-down list on top of the list you can filter the rules by their group. Grouping is only used for display purposes, it does not affect rule matching. To create a new group select the << New group >> entry and enter a descriptive name in the Name field.
Position: The position number, defining the priority of the rule. Lower numbers have higher priority. Rules are matched in ascending order. Once a rule has matched, rules with a higher number will not be evaluated anymore.
Action: Select whether the traffic is to be blocked or allowed.
Control by: Select whether to control traffic based on its application type or by a dynamic filter based on categories.
Control these applications/categories: Click the Folder icon to select applications/categories. A dialog window opens, which is described in detail in the next section.
Note – Some applications cannot be blocked. This is necessary to ensure a flawless operation of Sophos UTM. Such applications miss a checkbox in the application table of the Select Application dialog window, e.g. WebAdmin, Teredo and SixXs (for IPv6 traffic), Portal (for User Portal traffic), and some more. When using dynamic filters, blocking of those applications is also prevented automatically.
Productivity (only with Dynamic filter): Reflects the productivity score you have chosen.
Risk (only with Dynamic filter: Reflects the risk score you have chosen.
For: Select or add networks or hosts to this box whose network traffic is to be controlled by this rule. This applies only to source hosts/networks. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.
Log: This option is selected by default and enables logging of traffic which matches the rule.
Comment (optional): Add a description or other information.
The new rule appears on the Application Control Rules list.
When creating application control rules you need to choose applications or application categories from a dialog window called Select one or more applications/categories to control.
The table in the lower part of the dialog window displays the applications you can choose from or which belong to a defined category. By default, all applications are displayed.
The upper part of the dialog window provides three configuration options to limit the number of applications in the table:
Tip – Each application has an Info icon which, when clicked, displays a description of the respective application. You can search the table by using the filter field in the table header.
Now, depending on the type of control you selected in the Create New Rule dialog box, do the following:
After clicking Apply, the dialog window closes and you can continue to edit the settings of your application rule.
|© 2019 Sophos Limited
|Sophos UTM 9.600