How to use APP Enforcement?
APP Enforcement (APPE) helps Network Administrator to block applications (IM/P2P/Protocol/Others) on LAN network. The following example shows how to prevent LAN clients from using PPTV service by APPE.
1. Create an APP Enforcement Profile: Click on an Index number to create a new profile at CSM >> APP Enforcement Profile
2. Set up the details in the profile.
- Enter Profile Name
- Choose the category/APP which you want to block.
- Click OK to save
3. Use the APP Enforcement Profile in a Firewall Filter Rule: Go to Firewall >> Filter Setup >> Filter Set 2
4. Click on a Filter Rule number to set up a filter.
5. Set up the details in the profile.
- Enable the Filter Rule.
- Select the Direction to LAN/DMZ/RT/VPN -> WAN
- (optional) Edit the Source IP if you want to apply this firewall rule to certain IP only.
- Select Filter as 'Pass Immediately'.
- Select APP Enforcement profile we created in Step 2.
- (optional) You may also enable Syslog if needed.
- Click OK to save.
6. With the above configuration, LAN clients with IP address 192.168.1.10 will not be able to use PPTV.
7. If "Syslog" is enabled the firewall rule, we will see the following message in Syslog when APP Enforcement is working.
1. Go to System Maintenance >> APP Signature Upgrade >> Auto APP Signature Upgrade to make sure the router has the latest version of APP Signature.
2. Go to Firewall >> Filter Setup, and click Add in the Application Filter tab
- Give a Profile Name
- Enable the profile
- (optional) Set up Time Object for office hour and Source IP of specific LAN clients
3. Click Add in APP Block
- Select the forbidden application(s).
- Click Apply
Now we can try to open TOR browser to see if it's blocked.
Enable Syslog to print the Firewall Log. We will see the following message on the Syslog File tab when the APP filter is triggered.
Published On: 2020-03-20
Was this helpful?