Application Control What is application control?
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 603
http://docs.fortinet.com/ • Feedback
Application Control
This section describes how to configure the application control options associated with
firewall protection profiles.
If you enable virtual domains (VDOMs) on the FortiGate unit, the application control
configuration of each VDOM is entirely separate. For example, application black/white lists
created in one VDOM will not be visible in other VDOMs. For details, see “Using virtual
domains” on page 159.
This section provides an introduction to configuring application control. For more
information see the FortiGate UTM User Guide.
This section describes:
• What is application control?
• FortiGuard application control database
• Viewing the application control black/white lists
• Creating a new application control black/white list
• Configuring an application control black/white list
• Adding or configuring an application control black/white list entry
• Application control statistics
What is application control?
Using the application control UTM feature your FortiGate unit can detect and take action
against network traffic depending on the application generating the traffic. Based on
FortiGate Intrusion Protection protocol decoders, application control is a more user-
friendly and powerful way to use Intrusion Protection features to log and manage the
behavior of application traffic passing through the FortiGate unit. Application control uses
IPS protocol decoders that can analyze network traffic to detect application traffic even if
the traffic uses non-standard ports or protocols.
The FortiGate unit can recognize the network traffic generated by a large number of
applications. You can create application control black/white lists that specify the action to
take with the traffic of the applications you need to manage and the network on which they
are active. Add application control black/white lists to protection profiles applied to the
network traffic you need to monitor.
FortiGuard application control database
Fortinet is constantly increasing the list of applications that application control can detect
by adding applications to the FortiGuard Application Control Database. Because intrusion
protection protocol decoders are used for application control, the application control
database is part of the FortiGuard Intrusion Protection System Database and both of
these databases have the same version number.
To view the version of the application control database installed on your FortiGate unit, go
to the License Information dashboard widget and find IPS Definitions version.
To Next Page
Loading...
Need help?
General