user tries to use the chat function.
Associating the application rule set created together with an IP policy will not be included in the
example but follows the same steps shown in the previous example.
Web Interface
First, define the Application Rule Set:
1. Go to: Policies > Firewalling > Application Rule Sets > Add > Application Rule Set
2. Specify a suitable name for the list, in this case facebook_list
3. Set the Default Action to Allow
4. Click OK
Next, define an Application Rule in this rule set:
1. Go to: Policies > Firewalling > Application Rule Sets > facebook_list > Add >
Application Rule
2. Select Allow for the Action
3. Under Application Filter press Select filter to open the filter dialog
4. Under Tag select Social Networking
5. Choose Matches specific applications
6. Open the Web node and choose Facebook
7. Press the Select button to close the filter dialog
Define an Application Content filter:
1. Select the Content Control tab
2. For Chat set Action to be Deny and Log to be Log
3. Click OK
Lastly, associate this Application Rule Set with the appropriate IP Policy that triggers on the
relevant traffic as shown in an earlier example.
Data Leakage Can Occur
Application control functions by analyzing sequential streams of packets and a certain number of
packets must be processed using signatures before a determination can be made as to which
application it is.
This means that it is inevitable that not all the packets belonging to a targeted application can be
caught and some data leakage will occur where some blocked traffic will arrive at its destination.
However, when using IP rules or IP policies only, every packet of the triggering connection will
be blocked and there is no data leakage.
Chapter 3: Fundamentals
261
To Next Page
Loading...
