Description:
With application filters, you can filter network traffic according to the way that the data stream behaves. In this way, parts of an application—such as the chat feature in Skype—can be systematically filtered out, even if they are encrypted.
Info: In some cases, for example with Skype, the application filter can only classify applications after a certain number of packets have been exchanged. This means that there is no way to prevent the initial contact. However, all subsequent packets are then blocked.
This document describes the steps you need to take to configure the Application Filter in a LANCOM R&S®Unified Firewall.
Important notice: The Application Filter does not require a proxy. It analyzes all traffic that passes through the firewall, regardless of which port is used.
Requirements:
- A configured and functional Internet connection on the Unified Firewall
- Functional packet filter on the Unified Firewall (see )
- Any web browser for access to the web interface of the Unified Firewall
Procedure:
1) Activating the Application Filter:
1.1) Activate the Application Filter in the menu UTM -> Application Filter -> Settings. In the drop-down menu CA for SSL interception, the default setting is the available HTTPS proxy CA. This setting is required for the optional SSL inspection in the Application Filter profile (see step 2.1).
2) Application Filter profiles
2.1) Open the menu UTM -> Application Filter -> Profile. Here you can create your own profiles by clicking the “+” button. Use the Application Filter profile settings to configure the following options:
- Profile name: Enter a name for the Application Filter profile.
- SSL interception: SSL interception allows R&S®Unified Firewalls to analyze incoming data traffic routed through SSL-encrypted connections and to apply the configured Application Filter profile to it.
Info: The Application Filter with SSL interception is not applied to traffic passing through the transparent proxy (see step 1.2 in the following document).
- Rules: Select the protocols and applications you want to add to the profile. The protocols and applications are listed by category in the table. Use the "Filter" input field to filter the list of protocols and applications and display only the entries that match your search input.
- Click “+” to show the unfiltered list of protocols and applications.
- Click on the > button next to a category to view the protocols and applications that it contains, along with a brief description.
- You can select entire categories or individual protocols or applications by placing a checkmark in the appropriate box. Uncheck the box next to a category, protocol, or application to remove it from the Application Filter profile. To hide protocols and applications, click the button next to the category.
2.2) Click on Create to save the Application Filter profile.
3) Using Application Filter profiles in the firewall configuration:
This configuration example shows how to explicitly prohibit the use of certain applications. This makes use of a blacklist of prohibited applications.
3.1) In the LAN network object, click the “Connection” icon and then click the Internet object that was created for the existing WAN connection.
3.2) Switch to the Application Filter tab in the following dialog.
3.3) This example relies on a list of prohibited applications, so the Mode is set to Blacklist.
3.4) Add the Application Filter profiles to be used for the blacklist by clicking on “+” for each one.
3.5) Click on the Save button to accept your configuration.
3.6) Implement the configuration changes in the Unified Firewall by clicking Activate.