1.The purpose of the article
This article will guide you to configure the Synchronized Application Control feature, this feature will help administrators detect new applications in the system and control the access to these applications.
- The internet connection is connected at port 2 of the Sophos Firewall device with IP 192.168.2.103.
- The LAN subnet is configured at port 1 of the Sophos XG Firewall device with IP 10.145.41.1/24 and configured with a DHCP Server to allocate IPs to connected devices.
- Finally, computer 1 connects to the LAN and receives an IP from DHCP of 10,145.41.50/24.
Suppose the administrator has implemented blocking popular web browser applications such as google chrome, firefox to prevent users from non-work-related browsing from affecting the system bandwidth. However, users have installed the Opera web browser application and this application is currently not in the list of applications that Sophos supports, so it cannot be banned.
Now the Synchronized Application Control feature will help administrators discover this Opera web browser and control its use.
In this article, we will install the Opera web browser application on computer 1 and configure Synchronized Application Control on Sophos Firewall to scan this application and prohibit internet access with Opera.
4.Step to take
- Log in to Sophos Central account on Sophos Firewall.
- Access Opera application on computer 1 with Sophos Endpoint installed.
- Perform Opera application detection on Sophos Firewall and customize the name and category.
- Create Application policy with customized application.
- Create a firewall rule in combination with the newly created application policy.
- Perform access to the Opera application and check the results.
5.1. Log in to Sophos Central account on Sophos Firewall
Log in to Sophos Firewall’s admin page go to PROTECT > Central Synchronization and click Register.
Enter the account and password of Sophos Central in the Register device with Sophos Central panel and click Register.
Wait a few seconds, then the login is successful, at this time the Synchronized Application Control feature will automatically be turned on.
5.2.Access Opera application on computer 1 with Sophos Endpoint installed.
On computer 1 has installed Sophos Endpoint.
Then turn on the Opera application and we see that we are still browsing the web normally.
5.3.Perform Opera application detection on Sophos Firewall and customize the name and category.
After running the Opera application on computer 1 go back to the admin page of Sophos Firewall.
Go to PROTECT > Applications > Synchronized Application Control.
Select All applications, including system applications to display all the applications that Sophos has scanned on computer 1 (note that some applications take time to scan).
We will see the opera.exe application, to customized click on the three-dot icon to the right of the opera application and select Customized.
The Customize application panel appears to change the name and category as follows:
- Application name: Opera Browser.
- Application category: select General Internet.
- Click Apply.
So we have scanned and customized the Opera application.
5.4. Create Application policy with customized application.
Next we will create an application policy with the customized application.
Go to PROTECT > Applications > Application filter > click Add and fill in the following:
- Name*: Test_Synchronzied_App_Control.
- Template: select Allow All.
- Click Save.
After clicking Save, you will return to the Application filter page.
Find in the list of newly created policy and click on the name to edit.
Click Add to add the application to the policy.
In Add application filter policy rules, select Synchronized Application Control in the Technology drop-down list and select Select individual application.
Now the list of applications detected by synchronized application control appears, select the Opera Browser application and select Deny in the Action section.
5.5. Create a firewall rule in combination with the newly created application policy.
We will create a firewall rule that allows the LAN subnet to access the internet and add an application policy to this firewall rule.
Note if this firewall rule already exists, just add the application policy as shown below.
To create a firewall go to PROTECT > Rules and Policies > Add firewall rule > New firewall rule.
Configure according to the following parameters:
- Rule status: ON
- Rule name*: LAN_TO_WAN
- Action: Accept
- Log firewall traffic: check
- Rule position: Top
- Rule group: None
- Source zones*: select LAN
- Source networks and devices*: select Any.
- During scheduled time: select All the time.
- Destination zones*: select WAN.
- Destination networks*: select Any.
- Service*: select Any.
- Identify and control applications [App Control]: select application policy Test_Synchronized_App_Control from drop-down list.
- Click Save.
5.6. Perform access to the Opera application and check the results.
Finally, we will open the Opera application on computer 1 and access the internet to check.
As we can see we cannot use the Opera web browser to access the internet because it has been banned by Sophos Firewall.
We try to turn on the Microsoft Edge web browser application and access the internet.
The result is still normal access.
We will check the log to see if it’s true that Sophos Firewall blocks the Opera web browser.
On the admin page of Sophos Firewall click on Log Viewer.
A window appears with the log of Sophos Firewall.
Select Application filter to display only the log of the Application filter.
We can see that Sophos Firewall has banned internet access with the scanned and customized Opera Browser application with the Synchronized Application Control feature.