gw-world:/> set IPPolicy lan_to_wan_policy
AppControl=Yes
AC_RuleList=bt_app_list
Finally, set the source network address object of lan_to_wan_policy so it has the same group
name as the application rule:
gw-world:/> set Address IP4Address lan_users_net UserAuthGroups=rogue_users
Note that the following would also allow application control to function:
gw-world:/> set Address IP4Address lan_users_net NoDefinedCredentials=Yes
Web Interface
First, define the Application Rule Set:
1. Go to: Policies > Firewalling > Application Rule Sets > Add > Application Rule Set
2. Specify a suitable name for the list, in this case bt_app_list
3. Set the Default Action to Allow
4. Click OK
Next, define an Application Rule as a child.
1. Go to: Policies > Firewalling > Application Rule Sets > bt_app_list > Add > Application
Rule
2. Select Allow for the Action
3. Enable Application Control and add the signatures bittorrent and utp (both are required for
BitTorrent).
4. Select Authentication Settings and enter the group name rogue_users
5. Select Traffic Shaping Settings and move the pipe narrow_025_pipe into the Selected list
for both the Forward chain and Return chain
6. Click OK
Associate the Application Rule Set with the IP Policy:
1. Go to: Policies > Firewalling > Main IP Rules > lan_to_wan_policy
2. Specify a suitable name for the list, in this case bt_app_list
3. Select Application Control
4. In the dialog:
• Set Enable Application Control to Yes
• Set the Application Rule Set to bt_app_list
Chapter 3: Fundamentals
257
To Next Page
Loading...
