Monitor Application Control
- Select Dashboard > Subscription Services.
- Scroll down to the Application Control section.
The Subscription Services dashboard shows:
- Number of scans performed
- Number of applications detected by Application Control scans
- Number of applications blocked by Application Control scans
For more information, go to Subscription Services.
Use Firebox System Manager and the WatchGuard Report Server to monitor Application Control activity.
In Firebox System Manager, the Subscription Services tab shows current WatchGuard device statistics about Application Control activity that occurred after the last device restart. The Application Control statistics available in Firebox System Manager are:
- Installed version of Application Control signatures
- Date that Application Control signatures were last updated
- Latest available version of Application Control signatures
- Number of scans performed
- Number of applications detected by Application Control scans
- Number of applications blocked by Application Control scans
For more information, go to Subscription Services Statistics (Subscription Services).
Monitor Application Use
When you start to use Application Control, we recommend that you first configure your policies to send log messages for all application use so that you get a true understanding of the applications that are used on the network. To monitor application use, you can enable Application Control and logging for all policies that match the application traffic. After you enable Application Control and logging for a policy, all application activity for traffic through that policy is recorded in the log database and available for the Application Control reports, even if the Global Application Control action is empty.
To monitor application use:
- Create an Application Control action that does not block any applications.
The Global action is empty by default, so it does not block applications.
For more information, go to Configure Application Control Actions.
- Apply the empty Application Control action to the policies that handle traffic you want to monitor.
For information about how to enable Application Control, go to Enable Application Control in a Policy.
For information about which policies to configure, go to Policy Guidelines for Application Control.
- Enable logging in each policy that has Application Control enabled.
For information about how to enable logging in a policy, go to Configure Logging and Notification for a Policy.
If you do not enable logging for a policy that has Application Control enabled, Application Control saves log information only for blocked applications.
Run Application Control Reports
After you have enabled Application Control and logging in your policies, you can use the predefined WatchGuard reports to see information about the applications used on your network. You can use Report Manager to view the Available Reports that the Report Server has already generated or you can generate new On-Demand Reports or Per Client Reports.
To generate Application Control reports, you must set up a Log Server and a Report Server. For more information about WatchGuard servers, go to Set Up & Administer WatchGuard Servers.
These predefined WatchGuard reports are available for Application Control:
Application Control Reports
- Application Usage Summary
- Top Applications by User
- Top Application by Host
- Top Users Blocked
- Top Hosts Blocked
Client Reports — Show which users use the applications
- Top Clients by Application Usage
- Top Clients by Blocked Applications
- Top Clients by Blocked Categories
Client reports show the names of users who use applications if you have configured authentication on the firewall.
Before you configure Application Control to block applications, we recommend that you examine the Application Usage Summary and the Top Clients by Application Usage reports.
When you look at the Application Usage reports, consider these questions:
- Does the report show any application categories that seem to conflict with corporate policy?
- Are the applications appropriate for business use?
- Which users use the applications? You can use reports that show application use by client. The authentication capabilities enable you to see client reports by user name rather than by IP address. You can also identify user traffic in Terminal Services environments.
For information about how to configure Terminal Services, go to Configure Terminal Services Settings.
If the reports show an application that you are not familiar with, you can find information about the application on the WatchGuard Application Control Security Portal at https://securityportal.watchguard.com/Applications.