Configure Application Control for Policies

Application Control is configured globally, but is not used by a policy unless you apply an action to a policy. After you create an Application Control action in the Application Control configuration, you can change the Application Control action to enable it for each policy.

To configure Application Control, from Fireware Web UI:

  1. Select Subscription Services > Application Control.
    The Application Control Actions page opens. The Application Control Policies section shows the Application Control action enabled for each policy.

Screen shot of the Application Control Policies section of the Application Control page

  1. To change the Application Control action for one or more policies, select the policies in the list.
  2. From the Select action drop-down list, select an Application Control action to apply to the selected policies.
    Or, to disable Application Control for the selected policies, select None.
  3. Click Save.

To configure Application Control, from Policy Manager:

  1. Select Subscription Services > Application Control.
    The Application Control Actions dialog box opens.
  2. Select the Policies tab.
    A list of configured policies appears. The Action column shows which Application Control action is enabled for each policy.

Screen shot of the Application Control Actions dialog box, Policies tab

  1. To change the Application Control action for one or more policies, select the policies in the list.
    Use the Control or Shift keys to select multiple policies at the same time.
  2. From the Select action drop-down list, select an Application Control action to apply to the selected policies.
    Or, to disable Application Control for the selected policies, select None.
  3. Click OK.

If you enable Application Control for an HTTPS proxy policy, you must also enable Content Inspection in the HTTPS proxy action. This is required for Application Control to detect applications over an HTTPS connection. For more information, go to HTTPS-Proxy: Content Inspection.

When you enable Application Control for a policy, the Firebox always identifies and creates a log message for applications that are dropped due to an Application Control action. If you want the Firebox to create a log message for all identified applications, even those that are not dropped, you must enable logging in each policy that has Application Control enabled.

For information about how to enable logging in a policy, go toConfigure Logging and Notification for a Policy.