72-Application Control


Application Control:

o FortiGates can recognize network traffic generated by a large number of applications.
o Application control sensors specify what action to take with the application traffic.
o Application control uses IPS protocol decoders that analyze network traffic to detect application traffic, even if the traffic uses non-standard ports or protocols.
o On the FortiGate firewall, application control supports traffic detection using the HTTP protocol.
o There are three preloaded application sensors: default, wifi-default, and block-high-risk.
o You can customize these sensors or create your own to log and manage applications on the network.
o Once application control is configured, you can add the application sensor to a firewall policy.
o Application control functionality requires a subscription to FortiGuard Application Control.
o Once you have created an application sensor, you can define the applications that you want to control.
o You can add applications and filters using categories, application overrides, and/or filter overrides.
o Application control categories allow you to choose groups of signatures based on a category type.

Categories: Choose groups of signatures based on a category type.
Application Overrides: Choose individual applications.
Filter Overrides: Select groups of applications and override the application signature settings for them.

1 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


Category Filters and Overrides:
Once you have created an application sensor, you can define the applications that you want to
control. You can add applications and filters using categories, application overrides, and/or
filter overrides with designated actions (monitor, allow, block, or quarantine). Categories allow
you to choose groups of signatures based on a category type. Applications belonging to the
category trigger the action that is set for the category.
Multiple application signatures can be added for one sensor with a designated action. Filters
can be added based on behavior, application category, popularity, protocol, risk, technology, or
vendor subtypes.

Excluding Signatures:
In an application control list, the exclusion option allows users to specify a list of applications
they wish to exclude from an entry filtered by category, technology, or others. By excluding the
signature, the application is no longer processed on the entry in which it is excluded, but may
match subsequent entries that exist.

Port Enforcement Check:


Most networking applications run on specific ports. For example, SSH runs on port 22, and
Facebook runs on ports 80 and 443. If the default network service is enabled in the application
control profile, a port enforcement check is done at the application profile level, and any
detected application signatures running on a non-standard TCP/IP port are blocked. This
means that each allowed application runs on its default port. Protocol enforcement allows you
to configure networking services (e.g. FTP, HTTP, HTTPS) on known ports (e.g. 21, 80, 443). For
protocols that are not allowlisted under select ports, the IPS engine performs the violation
action to block, allow, or monitor that traffic.
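
The exclusion and port enforcement behaviour described above, as a simplified Python model. This is an added example, not FortiOS code or part of the original notes; the signature table, the ExampleChat application, first-match entry ordering and the unmatched_action fallback are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample signatures: name -> (category, default ports). Not FortiGuard data.
SIGNATURES = {
    "SSH": ("Network.Service", {22}),
    "Facebook": ("Social.Media", {80, 443}),
    "ExampleChat": ("Social.Media", {443}),  # hypothetical application
}

@dataclass
class Entry:
    action: str  # monitor, allow, block or quarantine
    categories: set = field(default_factory=set)
    applications: set = field(default_factory=set)  # application overrides
    exclusions: set = field(default_factory=set)

    def matches(self, app, category):
        if app in self.exclusions:
            return False  # excluded: not processed on this entry
        return app in self.applications or category in self.categories

@dataclass
class Sensor:
    entries: list
    enforce_default_port: bool = False
    unmatched_action: str = "allow"  # assumption: fallback when no entry matches

    def evaluate(self, app, dst_port):
        category, default_ports = SIGNATURES[app]
        # Profile-level port enforcement is checked before any entry.
        if self.enforce_default_port and dst_port not in default_ports:
            return "block"
        for entry in self.entries:  # assumption: first matching entry decides
            if entry.matches(app, category):
                return entry.action
        return self.unmatched_action

def demo_sensor():
    # Entry 1 blocks the category but excludes Facebook; entry 2 monitors Facebook.
    return Sensor(entries=[
        Entry("block", categories={"Social.Media"}, exclusions={"Facebook"}),
        Entry("monitor", applications={"Facebook"}),
    ], enforce_default_port=True)
```

With this sensor, Facebook on port 443 skips the first entry because of the exclusion and is monitored by the second, while the same application on port 8080 is blocked by the port check before any entry is consulted.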
