Application classification - NEW

Hi folks,

Over the last couple of days, when reviewing the GUI -> Reports section, I see an application classification of 'NEW' which has many old sites, e.g. Facebook and Twitter, in the report.

This classification does not appear in the daily reports.

Thoughts please?

Ian



This thread was automatically locked due to age.
  • Hi Team,

    Thank you for taking the time to post that KBA. I misunderstood the use of 'NEW' in this report. The 'NEW' appears to refer only to my XG configuration, not the overall classification system. I had looked at the application -> cloud applications list in the past and not understood what you do with it. From my new understanding it is used to fine-tune throughput, but not much else, e.g. changing something to sanctioned does not appear to do much to the application, like blocking it.

    Also the numbers in the report do not agree with the numbers in the cloud applications.

    Ian

  • Hi Team,

    A screenshot after the changes I made to the cloud applications.

    Please note the pink and green in the cloud applications section.

    Ian

  • My understanding is that a common workflow is this:
    On Day 1 there are a dozen applications, they are all New.  Admin goes through and sets them to sanctioned or unsanctioned (which only changes their colour).  Admin creates application control policies to block certain cloud apps.
    On Day 2 there is only green.  Only sanctioned apps are there.  The blocked cloud apps are blocked by policy and there is nothing new.
    On Day 3 there is green with a little red.  Some app that you previously said is unsanctioned made it through your policy.  You adjust your application control policies.
    On Day 4 there is green with a little blue.  There is a new app for you to look at.  You do so, think it is ok, and mark it sanctioned.  Now it will come through as green.
     
    The New / Sanctioned / Unsanctioned do not in themselves affect the traffic.  They affect the reporting so that the admin can decide what to do.
    Ultimately an admin needs to know "What do I have to deal with today" and usually that is "what is going on that I have not already dealt with".  By marking acceptable cloud application traffic as green, they can then ignore it.
     
    Whether a specific cloud app like Google Drive is sanctioned or not in a particular company is a per-Admin decision.  AFAIK Sophos indicates Category, etc (like any app) but the admin decides if it is sanctioned at their company.  The word "sanctioned" is used rather than "allowed" because we tend to use "allow" for policy decisions.