Managing Application Control in Micro Edge
Overview
Micro Edge uses a commercial, third-party engine to perform an in-depth inspection on traffic, classifying each session with a particular application such as YouTube or Zoom. The Application Control UI provides the admin with a listing of all application signatures usable within Micro Edge, as well as a brief description of each. It also enables the admin to block application traffic with the simplicity of a check-box.
Note that the Application Control panel provides only the ability to block or flag application traffic. For more information on using application-based routing or traffic shaping/QoS, please refer to these articles:
Enabling Application Control scanning
Go to Settings > Services > Application Control to view and manage your Application Control settings.
There are two switches at the top of the page.
- Enabled turns Application Control scanning & classification on or off.
- Cloud Classification enables the use of "inferred" application signatures. This identifies traffic from the first packet, but can result in false positives. For more information on inferred vs. matching criteria, please refer to Application identification in Micro Edge.
Attributes of application signatures
Attribute | Purpose |
Name, in bold type | Identifies the signature in a human-readable/friendly format. |
ID, in parentheses | Identifies the signature in a machine-friendly format. |
Category | Themed grouping of applications, such as Games or Productivity apps. |
Description | A brief description of the application and what it is typically used for. |
Managing applications via the Applications tab
The Applications tab enables you to take a particular action when traffic is classified with a specific application:
- Reject: Block the session. The connection will be closed and the client device will be informed that the session was terminated.
- Block: Block the session. The connection will be closed silently: the client device will not be informed. This appears to the client device as a timeout, which can be useful for blocking applications designed to evade content filtering.
- Flag: Allow the connection, but generate an event that enables the admin to create notifications about the session.
Note that the Reject and Block actions automatically enable Flag as well; this cannot be disabled.
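A client-side check for the Reject and Block behaviours described above, as an added example that is not part of the original article or of Micro Edge: `probe_action` sends a probe and reports whether the session was answered, terminated with notice, or left to time out. The `simulate` helper is a constructed local stand-in for a filtered path, and modelling "informed" as a TCP reset or close is an assumption, since the article does not say how the client is notified.

```python
import socket
import struct
import threading
import time

def probe_action(host, port, payload=b"GET / HTTP/1.0\r\n\r\n", timeout=5.0):
    """Classify what a client sees: 'allowed', 'reject' or 'block'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)      # give the classifier traffic to inspect
            data = s.recv(1)
    except (ConnectionRefusedError, ConnectionResetError, BrokenPipeError):
        return "reject"             # client was told the session ended
    except socket.timeout:
        return "block"              # silence: looks like a timeout
    # An empty read means the peer closed cleanly, which also informs the client.
    return "allowed" if data else "reject"

def simulate(action, hold=2.0):
    """Constructed stand-in for a filtered path; returns a local port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    def serve():
        conn, _ = listener.accept()
        conn.recv(1024)
        if action == "allowed":
            conn.sendall(b"ok")
        elif action == "reject":
            # Assumption: model "informed" as a TCP reset (linger 0 => RST on close).
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
        else:
            time.sleep(hold)        # block: hold the session open, say nothing
        conn.close()
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]

if __name__ == "__main__":
    for action in ("allowed", "reject", "block"):
        port = simulate(action)
        print(action, "->", probe_action("127.0.0.1", port, timeout=0.5))
```

Against a real rule, run `probe_action` from a client behind Micro Edge toward a service the blocked application uses; the timeout must be shorter than the application's own retry interval for a "block" result to be meaningful.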
Filtering the Applications list
The list contains over two thousand signatures, so Application Control includes some filtering options to make it easier to find the applications you're looking for.
- The Filter field is a simple text filter and will remove from the list any entries that do not contain your specified text. This is useful for searching for a specific application by name.
- The Category drop-down enables you to filter the list to only applications in the selected category: Games, Messaging, and more.
- The Action drop-down will display only signatures which match the selected action type. This is useful for changing the action type associated with a particular application.
Managing Custom Rules
Custom rules can be used for two different purposes: bypassing traffic and creating custom application signatures, each outlined below. Both types of rules are created in the same way.
To create a custom rule:
- Click Add Rule
- Give the rule a name
- Select the Category the rule should belong to
- Give the rule a description identifying what it does
- Add one or more conditions
- Select the action this rule should take
- Click Add to add this rule
You can click Add Rule again to add another rule, repeating as many times as desired. Click Save once you are finished adding rules to write all rules to Application Control.
Bypassing Application Control
Custom rules can be used to bypass Application Control classification for certain kinds of traffic, such as specific devices, subnets, or interfaces. This is useful for VoIP phones, for example, whose traffic may not function correctly if it is scanned in this way.
When creating bypassing rules, choose the action "Bypass".
Creating custom application signatures
You can create custom application signatures using these rules. This is useful for instances where you can identify a particular application's traffic, but no signature exists for it.
Note that custom signatures can only be used within Application Control: they are not available for use in other areas, such as traffic shaping or Firewall Filter Rules.