Basic Application Control

Video Activity

In this lesson, you will use application control to track applications on your network and enhance security by restricting certain applications. The FortiGate database categorizes applications by Category, Technology, Popularity and Risk. In this example, you will block BitTorrent, a high-risk file sharing application that is part of the peer to pe...

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
1 hour 35 minutes
Difficulty
Beginner
CEU/CPE
2
Video Description

In this lesson, you will use application control to track applications on your network and enhance security by restricting certain applications. The FortiGate database categorizes applications by Category, Technology, Popularity and Risk. In this example, you will block BitTorrent, a high-risk file sharing application that is part of the peer to peer category. You will also block access to the most popular application, YouTube. Visit Fortinet's documentation library at http://docs.fortinet.com or our video portal at http://video.fortinet.com.

Video Transcription
00:00
>> In this video, you will use
00:00
application control to track applications on
00:00
your network and enhance security
00:00
by restricting certain applications.
00:00
The FortiGate database
00:00
categorizes applications by category,
00:00
technology, popularity, and risk.
00:00
In this example, you will block BitTorrent,
00:00
a high-risk file-sharing application
00:00
that is part of the peer-to-peer category.
00:00
You will also block access to
00:00
the most popular application, YouTube.
00:00
First, ensure that
00:00
the required security features are enabled.
00:00
Go to "System", "Config", "Features".
00:00
Enable "Application Control".
00:00
Select "Show More".
00:00
Enable "Multiple Security Profiles"
00:00
and apply the changes.
00:00
Next, go to "Security Profiles",
00:00
"Application Control" and edit the default profile.
00:00
A list of application categories are shown.
00:00
By default, the FortiGate monitors most applications.
00:00
Select "All Other Known
00:00
Applications" and set it to "Monitor".
00:00
Also set "All Other Unknown Applications" to "Monitor".
00:00
Enable "Deep Inspection of Cloud
00:00
Applications" to allow web-based applications,
00:00
such as video streaming to
00:00
be monitored by your FortiGate.
00:00
Go to "Policy & Objects", "Policy",
00:00
"IPv4" to enable application control
00:00
with the default profile you just modified.
00:00
Edit the policy that allows
00:00
connections from the internal network to the Internet.
00:00
Under "Security Profiles" enable
00:00
"Application Control" and use the default profile.
00:00
Enabling application control
00:00
automatically enables SSL inspection.
00:00
Set "SSL Inspection" to "deep-inspection".
00:00
This may cause certificate warnings.
00:00
Log "ALL Sessions".
00:00
Go to "System" "FortiView"
00:00
"Applications" and select 24-hour
00:00
to see the traffic your FortiGate is processing.
00:00
The list is organized by application.
00:00
Double-click on an entry to learn
00:00
more about a specific application.
00:00
You can see traffic sources,
00:00
destinations, threats, and individual sessions.
00:00
Now go to "System" "FortiView",
00:00
"Cloud Applications", and select
00:00
24-hour to see Cloud application traffic.
00:00
With Cloud applications,
00:00
you can also see which videos have been viewed.
00:00
To block the BitTorrent and YouTube
00:00
traffic shown in the FortiView dashboard,
00:00
go to "Security Profiles" "Application Control".
00:00
BitTorrent is a peer-to-peer file-sharing application.
00:00
Set the peer-to-peer category to "Block".
00:00
Now add an application override signature
00:00
to block YouTube.
00:00
Search for YouTube and
00:00
select all the signatures that are shown.
00:00
Then click "Use Selected Signatures".
00:00
The signatures are added to
00:00
the application override's list
00:00
where they are automatically blocked.
00:00
Enable "Deep Inspection of Cloud Applications".
00:00
Go to "Policy & Objects", "Policy",
00:00
"IPv4" to add the new profile to the security policy.
00:00
Edit the policy that allows connections
00:00
from the internal network to the Internet.
00:00
Set "Application Control" to use the new profile.
00:00
Open a web browser and go to youtube.com.
00:00
An application blocked warning message appears.
00:00
Attempt to download a BitTorrent file.
00:00
Then go to "System" "FortiView", "All Sessions",
00:00
and look at the dashboard to see how traffic
00:00
from BitTorrent applications is also blocked.
00:00
Select the 24-hour view,
00:00
and filter the traffic by application to
00:00
see a list of BitTorrent security events.
00:00
Thank you for watching.
00:00
For more information you can access
00:00
Fortinet's documentation library at docs.fortinet.com.
00:00
For more information about preventing
00:00
SSL inspection certificate warnings,
00:00
check out this video.
Up Next