This discussion has been locked.

Still unsure how to combine web filters and app filters??

I've been using XG since v15 now and I'm starting to get used to it, but one thing that I'm still unsure of is how to correctly use web filters and app filters.

E.g. if I want to use web filtering on a LAN to WAN rule alone, what should the app filter be set to? None or Allow all? Taking it further, if I combine an app filter with the web filter, does the deny all by default still apply? I.e. should I only be setting allow rules in the app filter if combining it with a web filter? The reason I ask is I've tried setting up web filters with app filters (with allow per app) to try to create a rule so that only the apps listed can get through the firewall. I've tried doing just that but I still see other apps being allowed through the firewall. E.g. I set up a rule for web browsers only: I set web filters, then set an app filter on the same firewall rule that's white-listing the apps. But I still see browsers not in the app filter getting past the firewall.

Do I need to use HTTPS decryption when using app filters?

What I'm trying to accomplish is to eventually have multiple app filters to restrict what apps can get through the firewall, but I don't seem to be getting the fine control I expected.

Does the web proxy affect how app filters work??

Thanks

JK



  • I will try to answer some of your questions, but app control is hit or miss for me. Generally I rely on web filtering to control most of the stuff that I want to control. Applications that require different ports than HTTP/S can be easily blocked by blocking those ports instead of relying on app control.

    First thing is not to create firewall rules that allow LAN to WAN service ANY. Control what can access the internet and what ports are being allowed. So generally, I use both web filtering and application control (deny level 5) in one rule that only allows HTTP/S, FTP, ICMP, NTP and any other well-known services that you rely on.

    If you set the application filter to allow all, it means that the classification is working but you are not blocking any apps. If you set the application control to none, it means that application control is disabled. This comes in handy in QoS rules where you want to throttle certain applications but don't want to block them, so you set your application filter to allow all and set your QoS rules accordingly.

    My advice is to not rely on application control to block all your applications. I would mostly rely on web filtering to block categories instead of apps because it gives you greater flexibility, and then use the app filter to augment it further.
