This is the third part of the series “Complete solution to protect the risk from web and application” .
In the previous two articles, I introduced to HTTP/HTTPS Scanning, but web filtering is not enough.
Example: You don’t want users access to facebook -> No problem! We are using smartphone.
Configuration
Go to Protection > Application Protection > Application Filter
If this is the first time, you only see 2 default templates (Allow All, Deny All)
In the 1st scenario, I want to block “facebook” and “skype”
Click Add new, filling name & decription with default is Allow All
Save and Edit again this rule
In Application Records, click Add
Select Individual Application > Search to “facebook” and “skype” > Choose yours
Your records may be like that, do not for get that Action must be Deny
Put Application policies to Network/user Rule
In the 2nd scenario, I only want to block “Skype file transfer”
Find Skype Services and block it, don’t click into Skype & Skype Update.
Apply this application policies rule, but it will not work. What happened?
The answer: You need to turn on Decrypt & scan HTTPS
Some micro/sub application can be blocked without the entire.
Example: I don’t want to block facebook, but “facebook chat” & “facebook messeage” are not accepted
In such case, you need HTTPS scanning to perform it. Refer to article 2 for guide.
Leave a Reply