Application Control Adding or configuring an application control black/white list entry
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 607
http://docs.fortinet.com/ • Feedback
In addition to these option, some IM applications and VoIP protocols have additional
options:
Category The applications are categorized by type. If you want to choose an IM
application, for example, select the im category, and the application
black/white list will show only the im applications.
The Category selection can also be used to specify an entire category
of applications. To select all IM applications for example, select the im
category, and select all as the application. This specifies all the IM
applications with a single application control black/white list entry.
Application The FortiGate unit will examine network traffic for the listed
application. If Application is all, every application in the selected
category is included.
Action If the FortiGate unit detects traffic from the specified application, the
selected action will be taken.
Options
Session TTL The application’s session TTL. If this option is not enabled, the TTL
defaults to the setting of the config system session-ttl CLI
command.
Enable Logging When enabled, the FortiGate unit will log the occurrence and the
action taken if traffic from the specified application is detected.
IM options
Block Login Select to prevent users from logging in to the selected IM system.
Block File Transfers Select to prevent the sending and receiving of files using the selected
IM system.
Block Audio Select to prevent audio communication using the selected IM system.
Inspect Non-standard
Port
Select to allow the FortiGate unit to examine non-standard ports for
the IM client traffic.
Display content meta-
information on the
system dashboard
Select to include meta-information detected for the IM system on the
FortiGate unit dashboard.
VoIP options
Limit Call Setup Enter the maximum number of calls each client can set up per minute.
Limit REGISTER
request
Enter the maximum number of register requests per second allowed
for the firewall policy.
Limit INVITE request Enter the maximum number of invite requests per second allowed for
the firewall policy.
Enable Logging of
Violations
Select to enable logging of violations.
Other options
Command Some of traffic types include a command option. Specify a command
that appears in the traffic that you want to block or pass.
For example, enter GET as a command in the FTP.Command
application to have the FortiGate unit examine FTP traffic for the GET
command. Multiple commands can be entered.
Method A method option is available for HTTP, RTSP, and SIP protocols.
Specify a method that appears in the traffic that you want to block or
pass.
For example, enter POST as a method in the
HTTP.Method application
to have the FortiGate unit examine HTTP traffic for the POST method.
Multiple methods can be entered.
To Next Page
Loading...
Need help?
General
