How to configure App rules on NSSP 13700?

07/12/2021 0 1151

DESCRIPTION:

App Rules provides a solution for setting policy rules for application signatures. As a set of application-specific policies, App Rules give you granular control over network traffic on the level of users, email addresses, schedules, and IP-subnets. The primary functionality of this application-layer access control feature is to regulate Web browsing, file transfer, email, and email attachments.

RESOLUTION:

NOTE: During the initial release, NSSP 13700 is only available in global mode and not policy mode.

The App rule has three major components:

• Match Object
• Action Object
• App rule policy

Match Object:

Match objects represent the set of conditions which must be matched in order for actions to take place. This includes the object type, the match type (exact, partial, regex, prefix, or suffix), the input representation (text or hexadecimal), and the actual content to match.

To configure a match object:

1. Navigate to Object | Match Objects | Match Objects and click on Add. 
   
   
2. Mention a name and select the match object type of the match object you would like from the available list as per your requirement. You could also create a custom object if none of the built-in types is suitable.
   
3. The match type could be 
   a) Partial match
   b) Regex match
   c) Exact match
   d) Prefix match
   e) Suffix match
   Click on Save once done.
   

TIP: You can get more details on Match Objects, their types from the link below.

Technical Documentation - Match Objects

Action Objects:

Action Objects define how the App Rules policy reacts to matching events. Custom action objects can be created or one of the predefined, default actions can be used in an App rule policy.

To configure an Action Object:

1. Navigate to Object | Action Objects | App rule action.
2. You can choose from the following pre-defined action objects. Also, if a custom action object is required, click on Add.
   

TIP:You can get more details on Action objects, predefined objects and custom action objects from the link below.

Technical Documentation - Action Objects

App rule Policy:

App Rules can be used to create custom App Rules policies to control specific aspects of traffic on your network. A policy is a set of match objects, properties, and specific prevention actions. 

To create an App rule policy:

1. Navigate to Policy | Rules and Policies | App rules. The App rules should be enabled first. Click on the Settings icon and enable the toggle switch and click on Accept.
   
2. Click on Add to add a new App rule policy.
   
3. Mention a suitable name for the policy. Select the following fields as per your requirement.
   a) Policy type
   b) Address source and Destination
   c) Service source and destination
   d) Exclusion address and service
   e) Users/Groups included and excluded
   f) Schedule if necessary for this policy
   g) Select the Match object created in the first section. You can also trigger this policy by excluding a specific match object.
   h) Select the action action object from the pre-defined list or any custom objects if added.
   i) The necessary zone for which this policy should be applied can also be specified.
   
4. Once all fields are selected correctly, click on OK.

Let us look at a few examples, where App rules can be used:

1. Blocking HTTPS Websites With Application Firewall Using Certificate Serial Number
2. How To Block URL Using App Rules

For many such use cases, you can take a look at the link below:

App rules - Use Cases