Enable Application Control in a Policy

You can enable Application Control and select the Application Control action to use when you edit a policy. You can also edit the Application Control action while you edit the policy.

When you edit an Application Control action from within a policy, the updated settings also apply to any other policy that uses the selected action.

To enable Application Control in the policy configuration, from Fireware Web UI:

  1. Select Firewall > Firewall Policies.
  2. Add or edit a policy.
  3. Select the Application Control tab.
  4. From the Application Control Action drop-down list, select the configured Application Control action to use for this policy.
    The Application Control Action Settings for the selected action show in the Application Control tab.

Screen shot of Firewall Policies, edit Application Control

  5. (Optional) Edit the Application Control settings for the selected action.
  6. Click Save.

To enable Application Control in the policy configuration, from Policy Manager:

  1. In Policy Manager, add or edit a policy.
    The Policy Properties dialog box opens with the Policy tab selected.
  2. Select the Enable Application Control check box.

Screen shot of the Enable Application Control settings in the Policy Properties dialog box

  3. From the adjacent drop-down list, select the Application Control action to use for this policy.
  4. Click OK.

If you enable Application Control for an HTTPS proxy policy, you must also enable Content Inspection in the HTTPS proxy action. This is required for Application Control to detect applications over an HTTPS connection. For more information, go to HTTPS-Proxy: Content Inspection.

You can also enable and configure Application Control for a policy in the Application Control configuration. For more information, go to Configure Application Control for Policies.

When you enable Application Control for a policy, the Firebox always identifies and creates a log message for applications that are dropped due to an Application Control action. If you want the Firebox to create a log message for all identified applications, even those that are not dropped, you must enable logging in each policy that has Application Control enabled.

For information about how to enable logging in a policy, go to Configure Logging and Notification for a Policy.

Edit or Clone Application Control Actions

When you enable Application Control for a policy, you can use an existing Application Control action or create a new action based on one of the existing actions.

An Application Control action can be used by more than one policy. If you edit an existing Application Control action, those changes apply to all policies that use that action.

If you want to modify an existing Application Control action for this policy but do not want to affect other policies, clone the action. This creates a new copy of the action that you can edit for this policy.

To view and edit the selected Application Control action in a policy, from Policy Manager:

  1. Adjacent to the Enable Application Control drop-down list, click the View/Edit Application Control Action button.
  2. Edit the Application Control action as described in Configure Application Control Actions.
  3. Click OK to save the edited rule to this policy.

To clone the selected application control action in a policy:

  1. Adjacent to the Enable Application Control drop-down list, click the Clone application control action button.
    The Clone Application Control Action dialog box opens.
  2. Edit the new Application Control action as described in Configure Application Control Actions.
  3. Click OK.
    The new application control action is enabled for the policy.
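
The following Python script is an added example, not WatchGuard code. It checks a policy inventory for the three conditions described on this page: an HTTPS proxy policy without Content Inspection, Application Control without logging, and an Application Control action shared by more than one policy. The inventory layout and field names are assumptions, filled in by hand from the policy list; they are not a Fireware export format.

```python
# Added example: the inventory layout below is an assumption, not a Fireware export format.
from collections import defaultdict

# Constructed sample inventory, transcribed by hand from the policy list.
POLICIES = [
    {"name": "HTTPS-proxy-out", "type": "HTTPS-proxy", "app_control_action": "Global",
     "content_inspection": False, "logging": True},
    {"name": "HTTP-proxy-out", "type": "HTTP-proxy", "app_control_action": "Global",
     "content_inspection": None, "logging": False},
    {"name": "Outgoing", "type": "packet-filter", "app_control_action": "Guest-Apps",
     "content_inspection": None, "logging": True},
    {"name": "DNS-out", "type": "packet-filter", "app_control_action": None,
     "content_inspection": None, "logging": False},
]

def audit(policies):
    """Return (findings, shared) for the policies that have Application Control enabled."""
    findings = []
    users = defaultdict(list)  # action name -> policies that use it
    for p in policies:
        action = p.get("app_control_action")
        if not action:
            continue  # Application Control is not enabled in this policy
        users[action].append(p["name"])
        if p["type"] == "HTTPS-proxy" and not p.get("content_inspection"):
            findings.append((p["name"], "HTTPS proxy without Content Inspection: "
                             "applications over HTTPS are not detected"))
        if not p.get("logging"):
            findings.append((p["name"], "logging disabled: only dropped applications are logged"))
    # An edit to a shared action changes every policy listed for it.
    shared = {a: names for a, names in users.items() if len(names) > 1}
    return findings, shared

if __name__ == "__main__":
    findings, shared = audit(POLICIES)
    for name, issue in findings:
        print(f"[!] {name}: {issue}")
    for action, names in shared.items():
        print(f"[i] action '{action}' is shared by {', '.join(names)}; "
              "clone it before a per-policy edit")
```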