Application Control

Application Control provides a solution for setting policy rules for application signatures. Application Control policies include global App Control policies, and App Rules policies that are more targeted. You can also create certain types of App Control policies on the fly directly from the Dashboard | App Flow Monitor page. As a set of application-specific policies, Application Control gives you granular control over network traffic on the level of users, email addresses, schedules, and IP subnets. The primary functionality of this application-layer access control feature is to regulate Web browsing, file transfer, email, and email attachments.
In SonicOS 5.8 and higher, the ability to control application layer traffic in SonicOS is significantly enhanced with the ability to view real-time application traffic flows, and new ways to access the application signature database and to create application layer rules. SonicOS 5.8 integrates application control with standard network control features for more powerful control over all network traffic.
Beginning in SonicOS 5.9, you can use regular expressions to match patterns in network traffic. Specifically, App Control policies can utilize reassembly-free regular expression matching. This means that no buffering of the input content is required, and patterns are matched across packet boundaries.
About App Control Policies
In SonicOS 5.8.1, there are three ways to create App Control policies and control applications in your network.
Create Rule from App Flow Monitor – The Dashboard | App Flow Monitor page provides a Create Rule button that allows the administrator to quickly configure App Control policies for application blocking, bandwidth management, or packet monitoring. This allows the administrator to quickly apply an action to an application that he or she notices while using the SonicWall Visualization and Application Intelligence features. The policy is automatically created and displayed in the App Rules Policies table on the Firewall | AppRules page.
App Control Advanced – The Firewall | App Control Advanced page provides a simple and direct way of configuring global App Control policies. You can quickly enable blocking or logging for a whole category of applications, and can easily locate and do the same for an individual application or individual signature. Once enabled, the category, application, or signature is blocked or logged globally without the need to create a policy on the Firewall | App Rules page. All application detection and prevention configuration is available on the Firewall | App Control Advanced page.
App Rules – The Firewall | App Rules page provides the third way to create an App Control policy. This method is equivalent to the method used in the original Application Firewall feature. Policies created using App Rules are more targeted because they combine a match object, action object, and possibly an email address object into a policy. For flexibility, App Rules policies can access the same application controls for any of the categories, applications, or signatures available on the App Control Advanced page. The Firewall | Match Objects page provides a way to create Application List objects, Application Category List objects, and Application Signature List objects for use as match objects in an App Rules policy. The Match Objects page is also where you can configure regular expressions for matching content in network traffic. The Firewall | Action Objects page allows you to create custom actions for use in the policy.
About Application Control Capabilities

Application Control’s data leakage prevention component provides the ability to scan files and documents for content and keywords. Using Application Control, you can restrict transfer of certain file names, file types, email attachments, attachment types, email with certain subjects, and email or attachments with certain keywords or byte patterns. You can deny internal or external network access based on various criteria. You can use Packet Monitor to take a deeper look at application traffic, and can select among various bandwidth management settings to reduce network bandwidth usage by an application.
Based on SonicWall’s reassembly-free Deep Packet Inspection technology, Application Control also features intelligent prevention functionality which allows you to create custom, policy-based actions.
Examples of custom actions include the following:
Blocking entire applications based on their signatures
Blocking application features or sub-components
Bandwidth throttling for file types when using the HTTP or FTP protocols
Blocking an attachment
Sending a custom block page
Sending a custom email reply
Redirecting an HTTP request
Sending a custom FTP reply over an FTP control channel
While Application Control primarily provides application level access control, application layer bandwidth management and data leakage prevention, it also includes the ability to create custom application or protocol match signatures. You can create a custom policy with App Rules that matches any protocol you wish, by matching a unique piece of the protocol. Application Control provides excellent functionality for preventing the accidental transfer of proprietary documents.
EXAMPLE: When using the automatic address completion feature of Outlook Exchange, it is a common occurrence for a popular name to complete to the wrong address. See the following figure for an example.
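The reassembly-free matching introduced earlier (no buffering of input content, patterns matched across packet boundaries) and the custom protocol signature idea in the paragraph above both come down to the same mechanism: the matcher keeps its partial-match state between packets instead of reassembling the stream. The following Python is an added illustration written for this page, not SonicOS code, and it deliberately uses a fixed byte signature driven by a KMP automaton rather than a full regular-expression engine; the state-carrying principle is the same one a streaming DFA for a regex relies on. The signature bytes and the packet payloads are constructed sample data, and the function and class names are this example's own.

```python
"""Reassembly-free matching of a byte signature across packet boundaries (illustrative)."""
from typing import Dict, List


def _prefix_table(pattern: bytes) -> List[int]:
    """KMP prefix function: longest proper prefix of pattern[:i+1] that is also a suffix."""
    table = [0] * len(pattern)
    k = 0
    for i in range(1, len(pattern)):
        while k > 0 and pattern[i] != pattern[k]:
            k = table[k - 1]
        if pattern[i] == pattern[k]:
            k += 1
        table[i] = k
    return table


class StreamingSignature:
    """Matches one byte signature over a stream fed one packet at a time.

    Only the automaton state (an integer) and a stream offset survive between
    calls to feed(); no packet payload is retained, so nothing is reassembled.
    """

    def __init__(self, pattern: bytes) -> None:
        if not pattern:
            raise ValueError("empty signature")
        self.pattern = pattern
        self.table = _prefix_table(pattern)
        self.state = 0      # number of signature bytes matched so far
        self.offset = 0     # stream offset of the next byte to be consumed

    def feed(self, payload: bytes) -> List[int]:
        """Consume one packet payload; return stream offsets where the signature starts."""
        hits: List[int] = []
        for byte in payload:
            while self.state > 0 and byte != self.pattern[self.state]:
                self.state = self.table[self.state - 1]
            if byte == self.pattern[self.state]:
                self.state += 1
            if self.state == len(self.pattern):
                hits.append(self.offset + 1 - len(self.pattern))
                self.state = self.table[self.state - 1]   # keep going for overlaps
            self.offset += 1
        return hits


# Constructed sample: a made-up protocol banner used as the "unique piece of the protocol",
# appearing once split across two packets and once whole inside a third packet.
SIGNATURE = b"ACME-PROTO/1.0"
PACKETS = [
    b"HELLO ACME-PR",             # offsets 0..12, signature starts at 6 and is cut off
    b"OTO/1.0 ok\n",              # offsets 13..23, completes the signature
    b"ACME-PROTO/1.0 again",      # offsets 24..43, signature whole at 24
]


def per_packet_scan(pattern: bytes, packets: List[bytes]) -> List[int]:
    """Naive approach: inspect each packet in isolation; return indexes of packets that match."""
    return [i for i, p in enumerate(packets) if pattern in p]


def streaming_scan(pattern: bytes, packets: List[bytes]) -> List[int]:
    """Reassembly-free approach: carry state across packets; return stream offsets of matches."""
    matcher = StreamingSignature(pattern)
    found: List[int] = []
    for p in packets:
        found.extend(matcher.feed(p))
    return found


def compare(pattern: bytes, packets: List[bytes]) -> Dict[str, int]:
    """Count matches each approach reports for the same packet sequence."""
    return {
        "per_packet": len(per_packet_scan(pattern, packets)),
        "streaming": len(streaming_scan(pattern, packets)),
    }


if __name__ == "__main__":
    print("per-packet matches in packets:", per_packet_scan(SIGNATURE, PACKETS))
    print("streaming matches at offsets:", streaming_scan(SIGNATURE, PACKETS))
    print(compare(SIGNATURE, PACKETS))
```

The per-packet scan misses the banner that straddles the first two packets, which is exactly the evasion a boundary-aware matcher closes; the streaming scan reports both occurrences while holding only an integer of state per signature, which is what makes the approach cheap enough to run inline on every flow.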
Benefits of Application Control
The Application Control functionality provides the following benefits:
Application based configuration makes it easier to configure policies for application control.
The Application Control subscription service provides updated signatures as new attacks emerge.
The related Application Intelligence functionality, as seen in App Flow Monitor and the Real Time Visualization Monitor, is available upon registration as a 30-day free trial App Visualization license. This allows any registered SonicWall appliance to clearly display information about application traffic in the network. The App Visualization and App Control licenses are also included with the SonicWall Security Services license bundle.
NOTE: The feature must be enabled in the SonicOS management interface to become active.
Administrators can use the Create Rule button to quickly apply bandwidth management or packet monitoring to an application that they notice while viewing the App Flow Monitor page, or can completely block the application.
Administrators can configure policy settings for individual signatures without influencing other signatures of the same application.
Application Control configuration screens are available in the Firewall menu in the SonicOS management interface, consolidating all firewall and Application Control access rules and policies in the same area.
Application Control functionality can be compared to three main categories of products:
• Standalone proxy appliances
• Application proxies integrated into firewall VPN appliances
• Standalone IPS appliances with custom signature support
Standalone proxy appliances are typically designed to provide granular access control for a specific protocol. SonicWall Application Control provides granular, application level access control across multiple protocols, including HTTP, FTP, SMTP, and POP3. Because Application Control runs on your SonicWall firewall, you can use it to control both inbound and outbound traffic, unlike a dedicated proxy appliance that is typically deployed in only one direction. Application Control provides better performance and scalability than a dedicated proxy appliance because it is based on SonicWall’s proprietary Deep Packet Inspection technology.

Today’s integrated application proxies do not provide granular, application level access control, application layer bandwidth management, and digital rights management functionality. As with dedicated proxy appliances, SonicWall Application Control provides much higher performance and far greater scalability than integrated application proxy solutions.

While some standalone IPS appliances provide protocol decoding support, none of these products supports granular, application level access control, application layer bandwidth management, and digital rights management functionality.
In comparing Application Control to SonicWall Email Security, there are benefits to using either. Email Security only works with SMTP, but it has a very rich policy space. Application Control works with SMTP, POP3, HTTP, FTP and other protocols, is integrated into SonicOS on the firewall, and has higher performance than Email Security. However, Application Control does not offer all the policy options for SMTP that are provided by Email Security.