Description
This article explains how to use the Application override.
Its features are the control of specific application traffic and looking to exempt/switch action of any specific application from the defined application category action.
Scope
ForitGate, All application control signatures
Solution
If it is require to control the flow of traffic from a specific application, traffic generally by the source or destination address, or by the port, may not be sufficient to precisely define the traffic.
To address this problem, the application control feature examines the traffic itself for signatures unique to the application generating it.
Steps for enabling Application override :
GUI steps :
Go to: Security Profiles -> Application Control -> Application Overrides
Select 'Add Signatures' to add the specific Application.
Select 'Add Filter' to filter the application.
Select 'Add Filter' to filter the application.
For newer versions after v7.x.x Application Filter looks like below:
Select 'Create New' to add the specific Application.
It is possible to filter the application via Behavior, Category, Language, Name, Popularity, Protocol, Risk, Technology and Vendor
(Best option will be Name):
Select filter as name (example), type the specific application name.
Select the required signatures by clicking on 'Use Selected Signatures'
Select the required signatures by clicking on 'Use Selected Signatures'
To select them either right-click on the application name and sel button 'Add Selected' or select the application and click on button 'Add Selected'.
The selected Application are available in the list.
Set the action
Click on 'Apply'
Add the same Application profile to the required IPv4 policy.
Add the same Application profile to the required IPv4 policy.
And can be Verified from the Application log as well. To check the path Log &Report -> Security Events -> Application Control.
