Application control policy

dorjm — Mon, 30 Sep 2024 10:31:25 GMT

We are a small data center company with a few customers. Some of them need to be inspected by Application Control, while others do not. We currently have around 500 access control rules, which are quite messy.

1.Will enabling Application Control in a unified policy (within the access control policy) affect resources, even if we are only using service-based rules? Will it still inspect traffic up to Layer 7?

2.We are trying to enable an Application Control policy. Should I add a new application layer, or is it better to integrate it into a unified policy (within the access control policy) to manage resources efficiently? or without service down?

Re: Application control policy

PhoneBoy — Mon, 30 Sep 2024 14:25:28 GMT

It is usually simpler to do the first approach (enable App Control in the existing Access Policy layer).
The contents of the "Services/Applications" column as well as the usage of Detailed/Extended Logs will determine the level of inspection done.
For best performance (i.e. full acceleration by SecureXL), rules involving simple TCP/UDP services should be higher in the rulebase than ones that involve URL Filtering Categories or Application Control signatures.

There are two ways you can do a separate layer for Application Control:

Ordered Layer (which means that ALL traffic will have to hit an Accept rule in BOTH layers to be permitted...slightly more complicated policy structure)
Inline Layers, which only processes traffic when the top-level rule is matched. For example, only traffic between Internal Zone and External Zone that is http/https (a simple TCP service) will match Rule 1 and thus be subject to the 1.x rules that involve App Control.

topic Application control policy in General Topics

Application control policy

Re: Application control policy