Every network should prevent unauthorized access or attacks. What is application control in SWG firewall in cyber threat prevention?
What Is Application Control in SWG Firewall?
Application Control is a firewall feature that can be used to control traffic based on any TCP/UDP application. It is a policy-based firewall feature that is designed to allow or block traffic based on the application. You can define rules based on the applications and restrict them from using high CPU-consuming applications.
Application Control in FortiGate is the method to differentiate between various types of applications in transit. Also, this is being allowed or blocked through the FortiGate device. It prevents network threats by protecting against known malicious and non-compliant applications.
You can define Application Control policy rules for most of the applications that run over TCP/UDP protocol. Also, this includes HTTP, DNS, SMTP, FTP, POP3, IMAP4, Telnet, SIP, RTP, RTSP, and many more. Moreover, the Application Control feature can identify and block types of traffic.
The Application Control feature is available with the following FortiGate models:
1. FortiGate 300D/301D, FortiGate 400C, FortiGate 500 series and FortiGate 600C.
SWG Firewall Features
Application Control in SWG Firewall provides you with the following features:
1. It allows you to define application control policies for the network traffic. You can create application control rules for various types of applications.
2. Allows you to block or allow traffic from the applications which are running on top of TCP/UDP protocol.
3. Allows you to define application control policies for the network traffic. You can create application control rules for various types of applications.
4. Allows you to block or allow traffic from the applications which are running on top of TCP/UDP protocol.
5. Allows you to define application control policies for the network traffic. You can create application control rules for various types of applications.
6. Allows you to block or allow traffic from the applications which are running on top of TCP/UDP protocol.
This is only available in high-end models such as FortiGate 300D/301D, FortiGate 400C, FortiGate 500 series, and FortiGate 600C. So, it is not supported by other FortiGate models such as FortiGate 50E, 100E, 200E, and 300E. Also, it is used to control network traffic based on several parameters such as IP address, port number, and protocols.
Application Filter Policy
Application filter policy contains a set of rules that allows/blocks specific traffic. So, it is based on its characteristics like port number, IP address, and protocols. Also, the Application filter policies can be applied at different levels like router, subnet, and firewall interface levels.
But it cannot be applied at the individual user level (except when firewall mode is activated). So, the Application Filter policy supports both IPv4 and IPv6 addressing schemes. Also, it supports all address types including NATed addresses and IP ranges (IPv4 only).
The best part about the Application Filter policy is that it is a stateful inspection firewall technology. So it will also check your backend server’s port state and if there is some port open then only it will pass through the Application filter policy.