eG Monitoring
 

Measures reported by FgFnAppIMTest

Using the Application Control Security Profile feature, your FortiGate unit can detect and take action against network traffic depending on the application generating the traffic. Based on FortiGate Intrusion Protection protocol decoders, application control is a user-friendly and powerful way to use Intrusion Protection features to log and manage the behavior of application traffic passing through the FortiGate unit. Application control uses IPS protocol decoders that can analyze network traffic to detect application traffic even if the traffic uses non-standard ports or protocols.

The FortiGate unit can recognize the network traffic generated by a large number of applications. You can create application control sensors that specify the action to take with the traffic of the applications you need to manage and the network on which they are active, and then add application control sensors to the firewall policies that control the network traffic you need to monitor.

Fortinet is constantly adding to the list of applications detected through maintenance of the FortiGuard Application Control Database. This database is part of the FortiGuard Intrusion Protection System Database because intrusion protection protocol decoders are used for application control and both of these databases have the same version number.

Enabling the application control security profile helps administrators block messages communicated through the instant messenger protocol. To understand the pattern of messages sent through the instant messenger protocol, and how well the files sent through it were blocked, administrators can use the FgFnAppIMTest test offered by eG Enterprise.

This test reports the number of messages that were processed through the instant messenger protocol and throws light on the files that were transferred using the instant messenger protocol. In addition, this test reports the number of files that were blocked by the firewall while being transferred and the connections that were blocked to the instant messenger. Using this test, administrators can figure out how well the firewall blocks the instant messages in the target environment.

Outputs of the test: One set of results for the target firewall being monitored.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Number_of_msg | Indicates the number of messages processed for the Instant Messenger protocol. | Number | |
| File_transfer | Indicates the number of files transferred using the Instant Messenger protocol. | Number | |
| Blocked_file_transfer | Indicates the number of files that were blocked while being transferred using the Instant Messenger protocol. | Number | |
| Blocked_conns | Indicates the number of connections that were blocked using the Instant Messenger protocol. | Number | |