Application Control

The Application Control functionality of Sophos UTM allows you to shape and block network traffic based on the type of traffic. In contrast to the Web Filtering functionality of Sophos UTM (see chapter Web Filtering), the application control classification engine distinguishes network traffic not only by protocol or by URL but more fine-grained. This is especially useful regarding web traffic: traffic to websites normally uses the HTTP Hypertext Transfer Protocol protocol on port 80 or the HTTPS Hypertext Transfer Protocol Secure protocol on port 443. When you want to block traffic to a certain website, e.g. facebook.com, you can do that either based on that website's URL Uniform Resource Locator (Web Filtering). Or you can block facebook traffic independent from any URL by relying on network traffic classification.

The classification engine of Sophos UTM uses layer 7 packet inspection to classify network traffic.

Application control can be used in two ways. In a first step, you need to generally enable application control on the Network Visibility page which makes applications "visible" in a way. Now you can leave it that way (or for a certain time) to see which applications are used by your users (e.g. in Flow Monitor, logging, reporting). In a second step, you can block certain applications and allow others. This is achieved by rules which can be created on the Application Control Rules page. Additionally, you can use traffic shaping to privilege traffic of defined applications which can be configured via the Quality of Service function of Sophos.