DO NOT REPRINT
© FORTINET
Lab 8: Application Control
In this lab, you will configure and use application control in policy-based mode to apply an appropriate action
to specified application traffic. You will then view the generated logs.
Objectives
• Configure and test application control in NGFW policy-based mode.
• Read and understand application control logs.
Time to Complete
Estimated: 15 minutes
Prerequisites
Before beginning this lab, you must restore a configuration file to Local-FortiGate.
To restore the FortiGate configuration file
1. On the Local-Windows VM, open a browser and log in to the Local-FortiGate GUI at 10.0.1.254 with the user
name admin and password password.
2. In the upper-right corner of the screen, click admin, and then click Configuration > Restore.
3. Click Local PC, and then click Upload.
4. Click Desktop > Resources > FGT-Security > Application Control > Local-App-Control-Policy.conf, and then
click Open.
5. Click OK.
6. Click OK to reboot.
FortiGate Security 6.0 Lab Guide 145
Fortinet Technologies Inc.
Exercise 1: Implementing Application Control in NGFW Policy-Based Mode
In NGFW policy-based mode, application control is applied directly on a firewall policy, without the use of an
application control profile.
The following settings are already configured in the configuration file you restored:
• NGFW policy-based mode enabled
• Central SNAT policy allowing traffic in NGFW policy-based mode to pass
• Firewall policy allowing all traffic to pass
In this exercise, you will configure application control on a FortiGate operating in NGFW policy-based mode.
Apply Application Control in NGFW Policy-Based Mode
You will be configuring a new firewall policy and applying application control on the policy.
To configure an application control firewall policy
1. On the Local-Windows VM, open a browser and log in to the Local-FortiGate GUI at 10.0.1.254 with the user
name admin and password password.
2. Click Policy & Objects > IPv4 Policy.
3. Click Create New.
4. Configure the following settings:
Field                    Value
Name                     Social_Media_Block
Incoming Interface       port3
Outgoing Interface       port1
Source                   all
Destination              all
Service                  ALL
Application              Social.Media
                         Tip: From the right pane, click Category and then search for Social.Media.
Action                   DENY
Log Violation Traffic    <enable>
Enable this policy       <enable>
5. Keep the default values for the remaining settings.
6. Click OK.
7. From the ID column, drag the Social_Media_Block firewall policy above the ALLOW_ALL firewall policy.
Your firewall policy order should look like this:
Note: When applying application control, you should have a policy that allows all applications. Otherwise, only
the specifically listed applications are allowed, and all other applications (including web browsers) are blocked.
Test Application Control
Now that your configuration is complete, you will test application control by going to the application that you have
configured.
To test the application control firewall policy
1. Continuing on the Local-Windows VM, open new web browser tabs and go to one or more of the following URLs:
• https://www.linkedin.com
• https://facebook.com
• https://plus.google.com
None of the pages load.
2. Try to visit websites that fall under application categories other than social media, such as http://dailymotion.com.
The pages load.
3. Return to your browser tab where you are logged in to the Local-FortiGate GUI, and click Log & Report >
Application Control.
Note: The Application Control logs section does not display if there are no application control logs. FortiGate shows the section after logs are created. If the Application Control menu item does not display in the GUI, refresh your browser, or log out of the Local-FortiGate GUI and log back in.
4. Search the logs for LinkedIn, Facebook, and Google Plus.
You will see logs similar to the following example:
5. Close your browser.
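Added example, not part of the lab guide: a small Python parser for the key=value format in which FortiGate writes application control logs, run over constructed sample lines that mirror the test above. It keeps only the app-ctrl records and then checks that every Social.Media hit was blocked and that the non-social-media site the lab visits still passed; field names are the standard FortiOS log fields, but the lines themselves (addresses, timestamps) are constructed.

```python
import re

# Constructed sample lines (not captured from a real device). The first three are
# application control records, the last is an ordinary traffic record that the
# parser should ignore. Quoted values may contain spaces, as in the msg field.
SAMPLE_LOGS = """\
date=2019-03-05 time=10:12:01 type="utm" subtype="app-ctrl" eventtype="app-ctrl-all" vd="root" srcip=10.0.1.10 dstip=108.174.10.10 srcintf="port3" dstintf="port1" policyid=2 service="HTTPS" app="LinkedIn" appcat="Social.Media" action="block" hostname="www.linkedin.com" msg="Social.Media: LinkedIn"
date=2019-03-05 time=10:12:05 type="utm" subtype="app-ctrl" eventtype="app-ctrl-all" vd="root" srcip=10.0.1.10 dstip=157.240.1.35 srcintf="port3" dstintf="port1" policyid=2 service="HTTPS" app="Facebook" appcat="Social.Media" action="block" hostname="facebook.com" msg="Social.Media: Facebook"
date=2019-03-05 time=10:12:20 type="utm" subtype="app-ctrl" eventtype="app-ctrl-all" vd="root" srcip=10.0.1.10 dstip=195.8.215.136 srcintf="port3" dstintf="port1" policyid=1 service="HTTP" app="Dailymotion" appcat="Video/Audio" action="pass" hostname="dailymotion.com" msg="Video/Audio: Dailymotion"
date=2019-03-05 time=10:12:21 type="traffic" subtype="forward" vd="root" srcip=10.0.1.10 dstip=195.8.215.136 policyid=1 action="accept" sentbyte=1532 rcvdbyte=9870
"""

# key=value pairs; a value is either a double-quoted string or a run of non-space characters.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Split one FortiGate log line into a dict of field name -> value."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def parse_app_ctrl_logs(text):
    """Return only the application control records (type utm, subtype app-ctrl)."""
    records = [parse_line(l) for l in text.splitlines() if l.strip()]
    return [r for r in records if r.get("type") == "utm" and r.get("subtype") == "app-ctrl"]


def category_actions(records, category):
    """Map each application in a category to the set of actions FortiGate took on it."""
    actions = {}
    for r in records:
        if r.get("appcat") == category:
            actions.setdefault(r["app"], set()).add(r["action"])
    return actions


def leaked_apps(records, category):
    """Applications in a category that still received a pass: the check a defender runs after a policy change."""
    return sorted(app for app, acts in category_actions(records, category).items() if "pass" in acts)


if __name__ == "__main__":
    recs = parse_app_ctrl_logs(SAMPLE_LOGS)
    for r in recs:
        print(f'policy {r["policyid"]:>2}  {r["appcat"]:<13} {r["app"]:<12} {r["action"]}')
    print("Social.Media apps not blocked:", leaked_apps(recs, "Social.Media") or "none")
```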