Sophos XG: Application Filtering

This is the third part of the series “Complete solution to protect the risk from web and application”.

In the previous two articles, I introduced HTTP/HTTPS scanning, but web filtering alone is not enough.
Example: You don’t want users to access Facebook -> “No problem! We will use our smartphones.”

Configuration

Go to Protection > Application Protection > Application Filter

If this is the first time, you will only see the 2 default templates (Allow All, Deny All).

In the 1st scenario, I want to block “facebook” and “skype”.

Click Add New, fill in the name and description, and leave the default as Allow All.

Save, then edit this rule again.

App filter 1

In Application Records, click Add

Select Individual Application > search for “facebook” and “skype” > choose the ones you want.

App filter 2

Your records should look like this. Do not forget that Action must be Deny.

App filter 3

Apply the application policy to a Network/User rule.

App filter 4

In the 2nd scenario, I only want to block “Skype file transfer”.

Find Skype Services and block it; do not select Skype or Skype Update.

App filter 5

Apply this application policy rule, but it will not work. What happened?

The answer: You need to turn on Decrypt & scan HTTPS.

Some micro/sub-applications can be blocked without blocking the entire application.
Example: I don’t want to block Facebook, but “facebook chat” & “facebook message” are not accepted.
In such a case, you need HTTPS scanning to do it. Refer to article 2 for the guide.
