Blocking instant messaging

6.0.0

Instant messaging use is not permitted at the Example Corporation. Application control helps enforce this policy.

The configuration steps outlined below are for FortiGates operating in proxy-based inspection and flow-based inspection with profile-based NGFW modes.

Steps in this process

  1. First you will create an application sensor with a single entry that monitors the category that includes instant messaging applications. You will set the list action to Monitor.
  2. Next you will assign the sensor to a policy.
  3. Then you will identify the IM applications being used on your network and modify the application sensor to Block use of those messaging applications.

To create the application sensor

  1. Go to Security Profiles > Application Control.
  2. Select the Create New icon in the title bar of the Edit Application Sensor window.
  3. In the Name field, enter no_IM for the application sensor name.
  4. If the Collaboration category is not already set to Monitor, then left-click on the icon next to that category and select Monitor from the dropdown menu.
  5. Select OK to save the new sensor.

To enable application control and select the application sensor

  1. Go to Policy & Objects > IPv4 Policy.
  2. Select the security policy that allows the network users to access the Internet and choose Edit.
  3. Under the heading Security Profiles, toggle the button next to Application Control to turn it on.
  4. In the drop-down menu next to Application Control, select the no_IM application sensor.
  5. To inspect all traffic, SSL/SSH inspection must be set to the deep-inspection profile.
  6. Select OK.

To identify IM applications in use on your network

  1. Go to FortiView > Applications.
  2. Select a time period from the options in the upper-right corner of the window and examine the list of applications.
  3. Identify any IM applications you wish to block.

To block IM applications in use on your network

  1. Go to Security Profiles > Application Control and edit the no_IM application sensor.
  2. Under Application Overrides, click on Add Signatures.
  3. Filter by Name and select the IM applications you wish to block.
  4. Click on Use Selected Signatures.
  5. The selected application will appear under Application Overrides and the action will be set to Block.
  6. Select Apply.

The IM applications identified will be blocked by the security policy that has the no_IM application sensor applied to it. If other firewall policies handle traffic that users could use for applications in the same category, enable application control with the no_IM application sensor for those policies as well.
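
The monitor-then-block workflow above can also be checked from exported application control logs. The following Python script is an added example, not part of the handbook: it lists the Collaboration applications seen during the Monitor phase and, after blocking, reports any policy that still passes a blocked application. The log lines are constructed, the application names are placeholders, and the key=value field names (subtype, appcat, app, action, policyid, srcip) are assumed to match your exported log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in key=value log style (not real traffic).
SAMPLE_LOGS = """\
date=2019-07-01 time=09:12:44 type="utm" subtype="app-ctrl" policyid=1 srcip=10.0.1.15 appcat="Collaboration" app="Example.IM.A" action="pass"
date=2019-07-01 time=09:13:02 type="utm" subtype="app-ctrl" policyid=1 srcip=10.0.1.22 appcat="Collaboration" app="Example.IM.A" action="pass"
date=2019-07-01 time=09:15:10 type="utm" subtype="app-ctrl" policyid=1 srcip=10.0.1.15 appcat="Web.Client" app="Example.Browser" action="pass"
date=2019-07-02 time=10:01:33 type="utm" subtype="app-ctrl" policyid=1 srcip=10.0.1.15 appcat="Collaboration" app="Example.IM.A" action="block"
date=2019-07-02 time=10:04:51 type="utm" subtype="app-ctrl" policyid=7 srcip=10.0.9.40 appcat="Collaboration" app="Example.IM.A" action="pass"
date=2019-07-02 time=10:06:00 type="utm" subtype="app-ctrl" policyid=1 srcip=10.0.1.30 appcat="Collaboration" app="Example.IM.B" action="pass"
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value log line into a dict (quoted or bare values)."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def events(text, category="Collaboration", since=""):
    """Yield application control records for one category, on or after `since`."""
    for line in text.splitlines():
        rec = parse_line(line)
        if (rec.get("subtype") == "app-ctrl" and rec.get("appcat") == category
                and rec.get("date", "") >= since):
            yield rec

def inventory(text):
    """Monitor phase: application name -> set of source IPs that used it."""
    seen = defaultdict(set)
    for rec in events(text):
        seen[rec["app"]].add(rec["srcip"])
    return dict(seen)

def block_gaps(text, blocked, since):
    """Block phase: policy id -> blocked applications it still lets through."""
    gaps = defaultdict(set)
    for rec in events(text, since=since):
        if rec["app"] in blocked and rec["action"] != "block":
            gaps[rec["policyid"]].add(rec["app"])
    return dict(gaps)

if __name__ == "__main__":
    print(inventory(SAMPLE_LOGS))
    print(block_gaps(SAMPLE_LOGS, {"Example.IM.A"}, since="2019-07-02"))
```

A policy id reported by block_gaps is one that handles the same traffic without the no_IM sensor, or without deep inspection, and needs the sensor applied as described above.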
