Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 500 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Behaviour of Application Control

Manuel Karl

Good Monring,

I've an XGS v19.0.1 and want to set an Application Filter (AC) on top of existing Firewall rules.
But i'm not sure if i'm understanding how this mechanism is working.

My fw-rule is from "serveral internal zones" with "several defined subnets" (objects like 192.168.x.0/24) to "wan zone" and "any" (or "internet ipv4 group") with tcp ports 80/443. So all users can surfing the internet an... thats the point... using several applications which are using these ports to do several things i'm not wanting to see in an business environment.

So now i can define an application policy which i want to define as a "whitelist".
So i will define one or several entry(s) with the allowed apps and have to add a last "drop"-rule (with any application the system knows)?
Or is ja policy with one ore more allowed entrys automatically an whitelist (so all not defined applications are dropped by the xgs itself and i dont have do declare an last "any-drop-rule")?

Thanks in advance.



This thread was automatically locked due to age.
Parents
  • 0

    Hello  ,

    Thank you for reaching out to the community, FW rules on SFOS controls most of the things like Web, application, IPS..etc.
    If I understood you correctly. Then between the web and application policy, the precedence is higher for application control compared to web !

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Hi, thanks for your reply.

    I also have defined some webfilters on that "Surfing" outbound-rule.
    So i want to whitelist things on L7-level so that no TOR- or other proxy-services can be used over that https-ports.

    But i'm not sure if i have to define within the application policy an last "all blocking" entry after i've defined the allowed apps (e.g. some browsers, whatsapp and so on) or are all undefined (not allowed) applications automatically been blocked (no extra last manual drop entry needed).

    Thanks

Reply
  • 0 in reply to Vivek Jagad

    Hi, thanks for your reply.

    I also have defined some webfilters on that "Surfing" outbound-rule.
    So i want to whitelist things on L7-level so that no TOR- or other proxy-services can be used over that https-ports.

    But i'm not sure if i have to define within the application policy an last "all blocking" entry after i've defined the allowed apps (e.g. some browsers, whatsapp and so on) or are all undefined (not allowed) applications automatically been blocked (no extra last manual drop entry needed).

    Thanks

Children
  • 0 in reply to Manuel Karl

    For an instance if you have blocked the category like VoIP in the application, then the application categorized under VoIP will be blocked too ! You can determine via web filter and application filter logs from the log viewer, based on it you can create a custom category and try blocking it from the web rathe than from the application. And if you want to opt for the application allow/block then you need to use smart filter to allow or deny certain application which may be categorized same !  

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML