Description:

With application filters, you can filter network traffic according to the way that the data stream behaves. In this way, parts of an application - such as the chat feature in Skype - can be systematically filtered out, even if they are encrypted.
This document describes the steps you need to take to configure the Application Filter in a LANCOM R&S®Unified Firewall.
Info

In some cases, for example with Skype, the application filter can only classify applications after a certain number of packets have been exchanged. This means that there is no way to prevent the initial contact. However, all subsequent packets are then blocked.

Important notice:

The Application Filter does not require a proxy. It analyzes all traffic that passes through the firewall, regardless of which port is used.



Requirements:

  • Web browser for configuring the Unified Firewall

    The following browsers are supported:
    • Google Chrome
    • Chromium
    • Mozilla Firefox


Procedure:
1) Activating the Application Filter:
1.1) Activate the Application Filter in the menu UTM → Application Filter → Settings.
In the drop-down menu CA for SSL interception, the default setting is the available HTTPS proxy CA.
This setting is required for the optional SSL inspection in the Application Filter profile (see step 2.1).
2) Application Filter profiles:
2.1) Open the menu UTM → Application Filter → Profile. Here you can create your own profiles by clicking the “+” button. Use the Application Filter profile settings to configure the following options:
  • Profile name:
    Enter a name for the Application Filter profile.
  • SSL interception:
    SSL interception allows R&S®Unified Firewalls to analyze incoming data traffic routed through SSL-encrypted connections and to apply the configured Application Filter profile to it.
  • Rules:
    Select the protocols and applications you want to add to the profile. The protocols and applications are listed by category in the table. Use the "Filter" input field to filter the list of protocols and applications and display only the entries that match your search input.
    • Click “+” to show the unfiltered list of protocols and applications.
    • Click on the > button next to a category to view the protocols and applications that it contains, along with a brief description.
    • You can select entire categories or individual protocols or applications by placing a checkmark in the appropriate box. Uncheck the box next to a category, protocol, or application to remove it from the Application Filter profile. To hide protocols and applications, click the ∨ button next to the category.
Info

The Application Filter with SSL interception is not applied to traffic passing through the transparent proxy (see step 1.2 in this Knowledge Base article).


2.2) Click on Create to save the Application Filter profile.



3) Using Application Filter profiles in the firewall configuration:
This configuration example shows how to explicitly prohibit the use of certain applications. This makes use of a blacklist of prohibited applications.
3.1) In the LAN network object, click the “Connection” icon and then click the Internet object that was created for the existing WAN connection.
3.2) Switch to the Application Filter tab in the following dialog.
3.3) This example relies on a list of prohibited applications, so the Mode is set to Blacklist.
3.4) Add the Application Filter profiles to be used for the blacklist by clicking on “+” for each one.
3.5) Click on the Save button to accept your configuration.
3.6) Implement the configuration changes in the Unified Firewall by clicking Activate.