In this recipe, you will use Application Control to monitor application traffic on your network and then selectively block unwanted traffic. Peer-to-peer (P2P) traffic is blocked in this example.
1. Enabling Application Control and Multiple Security Profiles
Go to System > Feature Select and ensure that Application Control and Multiple Security Profiles are enabled.
2. Using the default Application Control profile to monitor network traffic
The default Application Control profile is set to monitor all applications except for Unknown Applications. You will use this profile to monitor traffic and identify any applications that should be blocked.
Go to Security Profiles > Application Control and view the default profile. Confirm that all Categories are set to Monitor with the exception of Unknown Applications.
3. Editing the security policy for outgoing traffic
Go to Policy & Objects > IPv4 Policy and edit the policy that allows connections from the internal network to the Internet. Under Security Profiles, turn on Application Control and use the default profile. To inspect all traffic, SSL/SSH inspection must be set to the deep-inspection profile.
4. Reviewing the FortiView dashboards
Go to FortiView > Applications and select the now view to display network traffic flowing through your FortiGate listed by application. You can see P2P traffic occurring in your network.
Double-click any application to view drilldown information, including traffic sources, traffic destinations, and information about individual sessions.
5. Creating an application profile to block P2P applications
In step 4, Application Control detected traffic from BitTorrent, a P2P downloading application. In this step, you create an Application Control profile to block all P2P applications.
Go to Security Profiles > Application Control and create a new profile. Set the P2P category to Block.
6. Adding the blocking profile to a security policy
Go to Policy & Objects > IPv4 Policy and edit the policy that allows connections from the internal network to the Internet. Set Application Control to use the new profile.
7. Results
Attempt to visit the BitTorrent site. A FortiGuard warning message will appear, stating that the application was blocked.
Test the P2P blocking by attempting to use the BitTorrent application. The traffic is blocked. To view information about the blocked traffic, go to FortiView > Applications, select the 5 minutes view, and filter the traffic by Security Action: Blocked.
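The FortiOS CLI equivalent of steps 5 and 6 (with the inspection setting from step 3), as an added example that is not part of the original recipe. The profile name block-p2p and the <policy-id> placeholder are assumptions; 2 is the FortiGuard application category ID for P2P.

```fortios
# Added example, not from the original recipe.

# Step 5: create an Application Control profile that blocks the P2P category.
# "block-p2p" is a hypothetical profile name; category 2 is P2P.
config application list
    edit "block-p2p"
        config entries
            edit 1
                set category 2
                set action block
            next
        end
    next
end

# Step 6: apply the profile to the policy that allows internal-to-Internet traffic.
# Replace <policy-id> with the ID of that policy on your FortiGate.
config firewall policy
    edit <policy-id>
        set utm-status enable
        set application-list "block-p2p"
        # Step 3: deep inspection is needed so encrypted traffic is also inspected.
        set ssl-ssh-profile "deep-inspection"
    next
end
```

A profile built this way contains only the P2P entry, so compare it with the GUI-created profile if you also want the other categories to keep appearing as monitored in FortiView.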
For further reading, check out Application control in the FortiOS 5.4 Handbook.
The post Monitoring and blocking P2P traffic appeared first on Fortinet Cookbook.