Configure Application Control Actions

To block application traffic, you can create Application Control actions. You apply these actions to one or more policies to enforce consistent rules for application usage. An Application Control action contains a list of applications and associated actions. For each application, you can specify whether to drop or allow the connection. You can also configure what action to take if the traffic that is detected does not match the application.

If an application or a specific application behavior that you want to drop is not available in Application Control, contact WatchGuard Technical Support for assistance.

For each application, you can choose one of these actions:

  • Drop — Drop the selected application
  • Allow — Allow the selected application

For some applications, you can control specific application behaviors. For each behavior, you can set the action to Drop or Allow. The behaviors you can control depend on the application. Not all behaviors apply to all applications. The application behaviors you can control are:

  • Authority — Log in
  • Access — Command to get access to a server or peer
  • Communicate — Communicate with server or peer (chat)
  • Connect — Unknown command (P2P connect to peer)
  • Games — Online games
  • Media — Audio and video
  • Transfer — File transfer

For each Application Control action, you configure an action to take if traffic does not match one of the configured applications. You can set this action to:

  • Allow — Allow traffic that does not match the configured applications
  • Drop — Drop traffic that does not match the configured applications
  • Use Global Action — Use the Global Application Control action if traffic does not match

If traffic does not match one of the configured applications, and you set the action to take to Use Global action, Application Control uses the Global Application Control action for any traffic that does not match. You can also assign the Global Application Control action to a policy. The Global Application Control action is created by default and cannot be removed.

If you have configured Traffic Management actions, you can also use Traffic Management actions in the Application Control action to control the bandwidth used for allowed application traffic. For more information, see Use Traffic Management with Application Control.

Get the Latest Signatures

The list of applications you can control is based on a set of application signatures that Application Control uses to identify the application. The list of applications changes over time as the signature set is updated. As part of the Application Control security subscription, your Firebox automatically downloads updated application signatures from a WatchGuard server. Your management computer gets the updated application signature set when you connect to the device.

Add or Edit Application Control Actions

To see and edit all of the Application Control actions:

  1. Select Subscription Services > Application Control.

Screen shot of the Application Control page
Application Control Actions in Fireware Web UI

Screen shot of the Application Control Actions dialog box
Application Control Actions in Policy Manager

  1. To create a new Application Control action, click Add.
    Or, to edit an action, select the action name and click Edit.

Screen shot of the Application Control Action Settings page
Application Control Action settings in Fireware Web UI

Screen shot of the New Application Control Action dialog box
Application Control Action settings in Policy Manager

  1. If this is a new action, in the Name text box, type the name for the action. Optionally, type a Description.
  2. To filter the application list, select an option:
    • Show all applications — Show all applications you can configure
    • Show only configured applications — Show the applications that have a configured action
    • Category — Select a category to filter by application category
    • Search — Search for applications that contain a specific word or phrase
  3. To configure an application for this Application Control action, select an application in the list and click Edit.

Screen shot of the Actions by Application dialog box
Application Control configuration in Fireware Web UI

Screenshot of the Application Control configuration in Fireware Web UI
Application Control configuration in Policy Manager

  1. Select an option:
    • Set the action for all behaviors
      From the drop-down list, select the action to take for this application:
    • Drop — Block the selected application
    • Allow — Allow the selected application
    • Set the action for specific behaviors. Select the check box for each behavior to control. Select Drop or Allow for each selected behavior.

If you select multiple applications, you can set the action to apply to all selected applications, but you cannot set the action for specific behaviors.

  1. If you set the action for all behaviors or a specific behavior to Allow, and you have configured a Traffic Management action, you can enable Traffic Management and select the Traffic Management action to control the bandwidth used by the application. For more information, see Use Traffic Management with Application Control.
  2. Click OK.
    The configured action shows in the Action column.

Screen shot of the Application Control Action Settings page with actions configured
Application Control Action settings in Fireware Web UI

Screen shot of the New Application Control Action dialog box, with actions configured
Application Control Action settings in Policy Manager

  1. To select an action for all applications in a category, click Select by Category.
    For more information, see Use Application Categories.
  2. Save your configuration.
    The Application Control action is added to the list, but is not yet applied to a policy.

Screen shot of the Application Control page, with a new action added
Application Control Actions in Fireware Web UI

Screen shot of the Application Control Actions dialog box
Application Control Actions in Policy Manager

Remove Configured Applications From an Application Control Action

To remove a configured application from an Application Control action:

  1. Select Subscription Services > Application Control.
  2. Select an Application Control action. Click Edit.
    The settings for the selected Application Control Action show.
  3. To show only the configured applications, select Show only configured applications
    The list updates to show only the applications configured for this Application Control action.

Screen shot of the Application Control Action Settings page
Application Control Action configuration in Fireware Web UI

Screen shot of the Edit Application Control Action dialog box
Application Control Action configuration in Fireware Web UI

  1. Select one or more configured applications to remove from this Application Control action.
  2. To clear the action for the selected applications, click Clear Action.
    The action for the selected applications is cleared. The application is removed from the configured applications list.
  3. Save your configuration.

To block an entire application category, you can click Select by Category. For more information, see Use Application Categories.

Apply an Application Control Action to a Policy

When you create an Application Control action, it is not automatically applied to your policies. There are two ways you can apply an application control to a policy.

Clone an Application Control Action

To create an Application Control action that is similar to one that you have already created, you can clone (copy) an existing Application Control action.

To clone an Application Control Action, from Fireware Web UI:

  1. Select Subscription Services > Application Control.
    The Application Control page opens.

Screen shot of the Application Control Actions list with an action selected

  1. From the Application Control Actions list, select an Application Control action.
  2. Click Clone.
    The Application Control Action settings page opens.
  3. In the Name text box, type a new name for this action.
  4. (Optional) In the Description text box, type a new description for this action.
  5. Select Show only configured applications to see the applications already configured in this action.
  6. Edit the Application Control action as described in the previous section.
  7. Click Save to save the new Application Control action.
    The new action shows in the list Application Control actions list.

To clone an Application Control Action, from Policy Manager:

  1. In the Application Control Actions dialog box:
  2. Select the Actions tab.
  3. Select an Application Control action.
  4. Click Clone.
    The Clone Application Control Action dialog box opens.

Screen shot of the Clone Application Control Action dialog box

 

  1. In the Name text box, type a new name of this action.
  2. (Optional) In the Description text box, type a new description for this action.
  3. Select Show only configured applications to see the applications already configured in this action.
  4. Edit the Application Control action as described in the previous section.
  5. Click OK to save the new Application Control action.
    The new action shows in the list Application Control actions list.

Remove Application Control Actions

From the Application Control configuration, you can remove any Application Control action that is not used in a policy.

  1. Select an Application Control action.
  2. Click Remove.
    The action is removed from the list.

See Also

Use Application Categories

Get Information About Applications

About Application Control