Fortinet black logo

Handbook

Application control

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:72943
Download PDF

Application control

Using the Application Control Security Profiles feature, your FortiGate unit can detect and take action against network traffic depending on the application generating the traffic. Based on FortiGate Intrusion Protection protocol decoders, application control is a user-friendly and powerful way to use Intrusion Protection features to log and manage the behavior of application traffic passing through the FortiGate unit. Application control uses IPS protocol decoders that can analyze network traffic to detect application traffic even if the traffic uses non-standard ports or protocols. Application control supports detection for traffic using HTTP protocol (versions 1.0, 1.1, and 2.0).

The FortiGate unit can recognize the network traffic generated by a large number of applications. You can create application control sensors that specify the action to take with the traffic of the applications you need to manage and the network on which they are active, and then add application control sensors to the firewall policies that control the network traffic you need to monitor.

Fortinet is constantly adding to the list of applications detected through maintenance of the FortiGuard Application Control Database. This database is part of the FortiGuard Intrusion Protection System Database because intrusion protection protocol decoders are used for application control and both of these databases have the same version number.

Cloud Access Security Inspection (CASI) is merged with Application Control resulting in changes to the GUI and the CLI.

You can identify the version of the application control database installed on your unit by going to the Licenses widget on the Dashboard and hovering over the IPS & Application Control line; the status, expiry date, and version will be displayed. Additionally, you can see the complete list of applications supported by FortiGuard Application Control on the FortiGuard site or http://fortiguard.com/appcontrol. This web page lists all of the supported applications. You can select any application name to see details about the application.

note icon

Application Control is a standard part of any FortiCare support contract and the database for Application Control signatures is separate from the IPS database. However, botnet application signatures are still part of the IPS signature database since these are more closely related with security issues and less about application detection.

Application control

Using the Application Control Security Profiles feature, your FortiGate unit can detect and take action against network traffic depending on the application generating the traffic. Based on FortiGate Intrusion Protection protocol decoders, application control is a user-friendly and powerful way to use Intrusion Protection features to log and manage the behavior of application traffic passing through the FortiGate unit. Application control uses IPS protocol decoders that can analyze network traffic to detect application traffic even if the traffic uses non-standard ports or protocols. Application control supports detection for traffic using HTTP protocol (versions 1.0, 1.1, and 2.0).

The FortiGate unit can recognize the network traffic generated by a large number of applications. You can create application control sensors that specify the action to take with the traffic of the applications you need to manage and the network on which they are active, and then add application control sensors to the firewall policies that control the network traffic you need to monitor.

Fortinet is constantly adding to the list of applications detected through maintenance of the FortiGuard Application Control Database. This database is part of the FortiGuard Intrusion Protection System Database because intrusion protection protocol decoders are used for application control and both of these databases have the same version number.

Cloud Access Security Inspection (CASI) is merged with Application Control resulting in changes to the GUI and the CLI.

You can identify the version of the application control database installed on your unit by going to the Licenses widget on the Dashboard and hovering over the IPS & Application Control line; the status, expiry date, and version will be displayed. Additionally, you can see the complete list of applications supported by FortiGuard Application Control on the FortiGuard site or http://fortiguard.com/appcontrol. This web page lists all of the supported applications. You can select any application name to see details about the application.

note icon

Application Control is a standard part of any FortiCare support contract and the database for Application Control signatures is separate from the IPS database. However, botnet application signatures are still part of the IPS signature database since these are more closely related with security issues and less about application detection.