Time
1 hour 35 minutes
Difficulty
Beginner

Video Description

In this lesson, you will use application control to track applications on your network and enhance security by restricting certain applications. The FortiGate database categorizes applications by Category, Technology, Popularity and Risk. In this example, you will block BitTorrent, a high-risk file sharing application that is part of the peer to peer category. You will also block access to the most popular application, YouTube. Visit Fortinet's documentation library at http://docs.fortinet.com or our video portal at http://video.fortinet.com.

Video Transcription

00:00
In this video, you will use application control to track applications on your network and enhance security by restricting certain applications.
00:09
The 40 Gait database categorizes applications by category, technology, popularity and risk.
00:18
In this example, you will block bit torrent ah, high risk file sharing application that is part of the peer to peer category.
00:26
You will also block access to the most popular application YouTube.
00:35
First, ensure that the required security features are enabled. Go to system
00:41
config features,
00:44
enable application control,
00:50
select show more
00:53
and naval multiple security profiles
00:56
and applied the changes. Next, go to Security Profile's application Control and edit the default profile.
01:07
A list of application categories. Air shown
01:10
by default. The Fort Gate monitors most applications,
01:14
select all other known applications and said it to monitor. Also said all other unknown applications to monitor
01:23
enabled deep inspection of cloud applications to allow Web based applications such as video streaming to be monitored by your four to gate,
01:40
go to policy and objects policy. I pee before to enable application control with the default profile you just modified.
01:49
Edit the policy that allows connections from the internal network to the Internet under security Profile's enable application control and use the default profile.
02:00
Enabling application control automatically enables SSL inspection
02:06
set SSL inspection too deep inspection. This may cause certificate mornings
02:12
and log all sessions.
02:20
Go to system
02:21
40 view
02:23
applications
02:24
and select 24 hour to see the traffic. Your forte Gators processing
02:29
the list is organized by application.
02:31
Double click on an entry. To learn more about a specific application,
02:37
you can see traffic sources,
02:38
destinations, threats and individual sessions.
02:45
Now go to System
02:46
four to view cloud applications and select 24 hour to see cloud application traffic with cloud applications. You can also see which videos have been viewed
03:05
to block the bit. Torrent and YouTube traffic shown in the fort of you dashboard go to Security Profile's application control
03:17
bit Torrent is a peer to peer file sharing application.
03:22
So set the peer to peer category to block
03:27
now at an application override signature to block YouTube,
03:31
search for YouTube and select all the signatures that are shown.
03:37
Then click you selected signatures.
03:39
The signatures are added to the application overrides list where they are automatically blocked,
03:46
enabled deep inspection of cloud applications
03:54
go to policy and objects policy. I pee before toe. Add the new profile to the security policy,
04:02
edit the policy that allows connections from the internal network to the Internet,
04:08
set application control. To use the new profile,
04:17
open a Web browser and go to youtube dot com.
04:23
An application blocked warning message appears.
04:27
Attempt to download a bit torrent file,
04:30
then go to System 40. View all sessions and look at the dashboard to see how traffic from BitTorrent applications is also blocked.
04:40
Select the 24 hour view and filter the traffic by application to see a list of bit torrent security events.
04:50
Thank you for watching. For more information you can access for Nets Documentation Library at doc's dot fortunate dot com.
05:00
For more information about preventing SSL inspection certificate warnings, check out this video.

Up Next