AppCtrl basic category filters and overrides
Once you have created an application sensor, you can define the applications that you want to control. You can add applications and filters using categories, application overrides, and/or filter overrides.
- Categories: Choose groups of signatures based on a category type.
- Application overrides: Choose individual applications.
- Filter overrides: Select groups of applications and override the application signature settings for them.
Categories
Categories allow you to choose groups of signatures based on a category type.
Applications belonging to the category trigger the action set to the category.
To set category filters in the CLI:
config application list
edit {id}
config entries
edit 1
set category {id}
ID | Select Category ID |
2 | P2P |
3 | VoIP |
5 | Video/Audio |
6 | Proxy |
7 | Remote.Access |
8 | Game |
12 | General.Interest |
15 | Network.Service |
17 | Update |
21 | |
22 | Storage.Backup |
23 | Social.Media |
25 | Web.Client |
26 | Industrial |
28 | Collaboration |
29 | Business |
30 | Cloud.IT |
31 | Mobile |
set action {pass | block | reset}
pass Pass or allow matching traffic.
block Block or drop matching traffic.
reset Reset sessions for matching traffic.
set log {enable | disable}
next
end
next
end
To set category filters in the GUI:
- Go to Security Profiles > Application Control.
- Under Categories, left-click the icon next to the category name to view a dropdown of actions:
  - Allow
  - Monitor
  - Block
  - Quarantine
  - View signatures
- Select OK.
Application and filter overrides
Override type | Setting |
Application | Type: Choose Application for application overrides. |
| Action: Can be set to Monitor/Allow/Block/Quarantine. |
| Application: Multiple app signatures can be added for one entry. A slide-in presenting an application list will be shown to select specific app signatures, and the search box can be used to filter matched signatures. |
Filter | Type: Choose Filter for filter overrides. |
| Action: Can be set to Monitor/Allow/Block/Quarantine. |
| Filter: Filters can be selected by behavior, application category, technology, popularity, protocol, risk, or vendor subtypes. |
| Search box: Can be used to determine if the input signature is included in selected filters, where matched applications are shown at the bottom. |
To set overrides in the CLI:
config application list
edit {id}
config entries
edit 1
set protocols {0-47} #network protocol ID
set risk {id}
*level Risk, or impact, of allowing traffic from this application to
occur (1 – 5; Low, Elevated, Medium, High, and Critical).
set vendor {0-25} #vendor ID
set technology {id}
All All
- Network-Protocol
- Browser-Based
- Client-Server
4 Peer-to-Peer
set behavior {id}
All All
- Botnet
- Evasive
- Excessive-Bandwidth
- Tunneling
9 Cloud
set popularity {1-5} #Popularity level 1-5
set action {pass | block | reset}
pass Pass or allow matching traffic.
block Block or drop matching traffic.
reset Reset sessions for matching traffic.
set log {enable | disable}
next
end
next
end
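A small audit of a sensor written in the CLI syntax above, as an added example (not Fortinet's code): it resolves category IDs with the table on this page and lists entries that pass traffic with logging disabled. The sensor name, the sample entries, the one-ID-per-entry form and the pass-without-log rule are assumptions of this example.

```python
import re

# Category IDs copied from the table on this page (ID 21 has no name there).
CATEGORIES = {2: "P2P", 3: "VoIP", 5: "Video/Audio", 6: "Proxy", 7: "Remote.Access",
              8: "Game", 12: "General.Interest", 15: "Network.Service", 17: "Update",
              22: "Storage.Backup", 23: "Social.Media", 25: "Web.Client", 26: "Industrial",
              28: "Collaboration", 29: "Business", 30: "Cloud.IT", 31: "Mobile"}

# Constructed sample sensor; the name and entries are made up for this example.
SAMPLE = """
config application list
    edit "example-sensor"
        config entries
            edit 1
                set category 2
                set action block
                set log enable
            next
            edit 2
                set category 6
                set action pass
                set log disable
            next
            edit 3
                set behavior 9
                set action pass
                set log disable
            next
        end
    next
end
"""

ENTRY = re.compile(r"^\s*edit (\d+)\s*$(.*?)^\s*next\s*$", re.M | re.S)
SET = re.compile(r"^\s*set (\S+) (.+?)\s*$", re.M)

def parse_entries(text):
    """Return one dict per `edit N ... next` block after `config entries`."""
    body = text.partition("config entries")[2]
    return [{"id": int(n), **dict(SET.findall(b))} for n, b in ENTRY.findall(body)]

def audit(text):
    """List (entry id, label) for entries that pass traffic with logging disabled."""
    findings = []
    for e in parse_entries(text):
        if e.get("action") == "pass" and e.get("log") == "disable":
            cat = e.get("category")
            label = CATEGORIES.get(int(cat), "unknown") if cat else "filter override"
            findings.append((e["id"], label))
    return findings
```

Calling `audit(SAMPLE)` reports entry 2 (Proxy) and entry 3 (the Cloud behavior filter override); entry 1 blocks and logs, so it is not listed.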
To set overrides in the GUI:
- Go to Security Profiles > Application Control.
- Under the Application and Filter Overrides table, click Create New.
- To add individual applications:
  - Select Application as the Type.
  - Choose an action to be associated with the application.
  - Select the + button in the Application field and choose the specific applications from the list where app signatures are displayed. Multiple applications may be selected.
  - Select OK.
- To add advanced filters:
  - Create another entry in the Application and Filter Overrides
  - Select Filter as the Type.
  - Select Cloud under the behavior section from the Select Entries. Matched signatures are shown along the bottom.
  - Select OK.