First, the appcontrol command must be used to create a list of the applications we are interested in.

gw-world:/> appcontrol -filter -name=*_groups -save_list

This creates a list with a designation of 1. Next, the list is used in an IP rule.

gw-world:/> add IPRule Action=Allow
        SourceInterface=lan
        SourceNetwork=lannet
        DestinationInterface=all
        DestinationNetwork=all-nets
        Service=all_services
        AppControl=Yes
        AC_AppAction=Deny
        AC_Applications=1
        Name=Allow_Comp

Web Interface
1. Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2. Specify a suitable name for the rule, in this case Allow_Comp
3. Now enter:
   • Action: Allow
   • Service: all_services
   • Source Interface: lan
   • Source Network: lannet
   • Destination Interface: all
   • Destination Network: all-nets
4. Go to the Application Control tab and enter the following:
   • Application Control: Enable
   • Use Manual Configuration: Enable
   • Application Action: Deny
   • Using the Add button, select yahoo_groups and google_groups from the application definitions.
5. Click OK

Using an Application Rule Set
As described previously, the other, and recommended, way of controlling applications is to create an
Application Rule Set object and associate it with an IP Rule or IP Policy object.
An Application Rule Set object will contain one or more Application Rule objects as children and