Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Using Application Control feature to Block / Allow different IM applications for different use

10/14/2021 175 People found this article helpful 219,605 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    This is a scenario based article of the SonicWall App Control Advanced feature. In this scenario we describe how to block the App Control Advanced Category - IM for all users except one user group and to allow Yahoo! Messenger, Skye, Trillian and Windows Live Messenger for selected users.

    The following application needs to be blocked / allowed for the following users:

    ApplicationBlockedAllowed
    IM (Category)AllManagers
    Yahoo Messenger/Apple I chatAllAccounts (and Managers)
    SkyeAllMarketing (and Managers)
    TrillianAllAccounts (and Managers)
    Windows Live MessengerNoneAll


     Managers would be allowed all IM applications. All IM applications other than the above would be blocked for the rest.

    Resolution

    Resolution for SonicOS 7.X

    This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.


    Create User Groups



    • Navigate to Device | Users | Local Users & Groups.
    • Click Local Groups tab.
    • Create the following user groups.
      • Managers
      • Accounts
      • Marketing

        Image

    Configure Authentication

    • In order for the SonicWall to enforce Application Control based on users/groups, we need to enable authentication on the SonicWall. Authentication can be either explicit, using Policy | Rules and Policies | Access Rules, or implicit, using Single Sign-on. In this example we create the following LAN | WAN rule to force authentication.

      Image

    Configure App Control Advanced - IM Category

    • Navigate to Policy | Security Services | App Control.
    • Toggle the option Enable App Control.

      Image

    • Click on Signatures tab.
    • Under viewed by drop down select category.
    • Under category drop down select IM.
    • Click  configure button to bring up the Edit App Control Category window.
    • Select Enable under Block.
    • Select Enable under Log.
    • Select All under Included Users/Groups.
    • Select the user group Managers under Excluded Users/Groups.
    • Click OK.

      Image


    Configure Application - Yahoo! Messenger/Apple iChat

    • On the same page, with View Style: Category selected as IM, select Yahoo! Messenger/Apple ichat under Application.
    • Click configure button to open the Edit Control App window.
    • Select Disable under Block.
    • Leave the Log field to inherit what was selected under the parent category IM (Enabled).
    • Under Included Users/Groups, select the group Accounts.
    • Leave the Excluded Users/Groups as it is, which would be Use Category Settings (Managers)
    • Click OK .This configuration would disable blocking for the group Accounts, which in turn would implicit enable blocking all other user group except Managers, who were excluded from all IM applications blocking in the parent category (IM).

      Image

    Configure Application - Skype

    • Select Skype under application.
    • Click  configure button to open the Edit Control App window.
    • Select Disable under Block.
    • Leave the Log field to inherit what was selected under the parent category IM (Enabled).
    • Under Included Users/Groups, select the group Marketing.
    • Leave the Excluded Users/Groups as it is, which would be Use Category Settings (Managers)
    • Click OK .This configuration would disable blocking for the group Marketing, which in turn would implicit enable blocking all other user group except Managers, who were excluded from all IM applications blocking in the parent category (IM).

      Image


    Configure Application - Trillian

    • Select Trillian under Application.
    • Click  configure button to open the Edit Control App window.
    • Select Disable under Block.
    • Leave the Log field to inherit what was selected under the parent category IM (Enabled).
    • Under Included Users/Groups, select the group Accounts.
    • Leave the Excluded Users/Groups as it is, which would be Use Category Settings (Managers)
    • Click OK .This configuration would disable blocking for the group Accounts, which in turn would implicit enable blocking all other user group except Managers, who were excluded from all IM applications blocking in the parent category (IM).

      Image


    Configure Application - Windows Live Messenger

    • Select Windows Live Messenger under Application.
    • Click configure button to open the Edit Control App window.
    • Select Disable under Block.
    • Leave the Log field to inherit what was selected under the parent category IM (Enabled).
    • Under Included Users/Groups, select All.
    • Leave the Excluded Users/Groups as it is, which would be Use Category Settings (Managers).
    • Click OK.This configuration would disable blocking for all users.

      Image

    Summary

    By configuring the above we accomplish the following

    • User Group Managers : All IM applications.
    • User Group Accounts: Yahoo! Messenger/Apple iChat & Trillian.
    • User Group Marketing: Skype.
    • Windows Live Messenger can be accessed by all users.




    Resolution for SonicOS 6.5

    This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


    Create User Groups

    • Login to the SonicWall management interface. 
    • Navigate to Manage at the top of the page.
    • Navigate to the Users | Local users & Groups page.
    • Select the Local Groups tab.
    • Create the following user groups.
      • Managers
      • Accounts
      • Marketing
        Image


    Configure Authentication

    • In order for the SonicWall to enforce Application Control based on users/groups, we need to enable authentication on the SonicWall. Authentication can be either explicit, using Policies | Rules | Access Rules, or implicit, using Single Sign-on. In this example we create the following LAN | WAN rule to force authentication.Image


    Configure App Control Advanced - IM Category

    • Navigate to Policies | Rules | Advanced Application Control page.
    • Check the box under Enable App Control and click on Accept at the top of the page.
    • Under View Style: Category, select IM .
    • Click  configure button to bring up the Edit App Control Category window.
    • Select Enable under Block.
    • Select Enable under Log.
    • Select All under Included Users/Groups.
    • Select the user group Managers under Excluded Users/Groups.
    • Click OK .
      Image
    • With this, all users or groups would be blocked from IM applications except the user group Managers. Now we configure individual applications to allow specific user groups.


    Configure Application - Yahoo! Messenger

    • On the same page, with View Style: Category selected as IM, select Yahoo! Messenger under Application.
    • Click configure button to open the Edit Control App window.
    • Select Disable under Block.
    • Leave the Log field to inherit what was selected under the parent category IM (Enabled).
    • Under Included Users/Groups, select the group Accounts.
    • Leave the Excluded Users/Groups as it is, which would be Use Category Settings (Managers)
    • Click OK .This configuration would disable blocking for the group Accounts, which in turn would implicit enable blocking all other user group except Managers, who were excluded from all IM applications blocking in the parent category (IM).
      Image


    Configure Application - Skype

    • Select Skype under application.
    • Click  configure button to open the Edit Control App window.
    • Select Disable under Block.
    • Leave the Log field to inherit what was selected under the parent category IM (Enabled).
    • Under Included Users/Groups, select the group Marketing.
    • Leave the Excluded Users/Groups as it is, which would be Use Category Settings (Managers)
    • Click OK .This configuration would disable blocking for the group Marketing, which in turn would implicit enable blocking all other user group except Managers, who were excluded from all IM applications blocking in the parent category (IM).
      Image

    Configure Application - Trillian

    • Select Trillian under Application.
    • Click  configure button to open the Edit Control App window.
    • Select Disable under Block.
    • Leave the Log field to inherit what was selected under the parent category IM (Enabled).
    • Under Included Users/Groups, select the group Accounts.
    • Leave the Excluded Users/Groups as it is, which would be Use Category Settings (Managers)
    • Click OK .This configuration would disable blocking for the group Accounts, which in turn would implicit enable blocking all other user group except Managers, who were excluded from all IM applications blocking in the parent category (IM).
      Image

    Configure Application - Windows Live Messenger

    • Select Windows Live Messenger under Application.
    • Click configure button to open the Edit Control App window.
    • Select Disable under Block.
    • Leave the Log field to inherit what was selected under the parent category IM (Enabled).
    • Under Included Users/Groups, select All.
    • Leave the Excluded Users/Groups as it is, which would be Use Category Settings (Managers).
    • Click OK.This configuration would disable blocking for all users.
      Image


    Summary

    By configuring the above we accomplish the following

    • User Group Managers : All IM applications.
    • User Group Accounts: Yahoo! Messenger & Trillian.
    • User Group Marketing: Skype.
    • Windows Live Messenger can be accessed by all users.





    Resolution for SonicOS 6.2 and Below

    The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.


    Create User Groups

    • Login to the SonicWall management interface. 
    • Navigate to the Users | Local Groups page.
    • Create the following user groups
      • Managers
      • Accounts
      • Marketing
        Image

    Configure Authentication

    • In order for the SonicWall to enforce Application Control based on users/groups, we need to enable authentication on the SonicWall. Authentication can be either explicit, using Firewall | Access Rules, or implicit, using Single Sign-on. In this example we create the following LAN | WAN rule to force authentication.Image

    Configure App Control Advanced - IM Category

    • Navigate to Firewall | App Control Advanced page. (In Gen5 TZ devices this page would be under Security Services | App Control Advanced).
    • Check the box under Enable App Control and click Accept at the top of the page.
    • Under View Style: Category, select IM .
    • Click  configure button to bring up the Edit App Control Category window.
    • Select Enable under Block.
    • Select Enable under Log.
    • Select All under Included Users/Groups.
    • Select the user group Managers under Excluded Users/Groups.
    • Click OK.
      Image
    • With this, all users or groups would be blocked from IM applications except the user group Managers. Now we configure individual applications to allow specific user groups.


    Configure Application - Yahoo! Messenger

    • On the same page, with View Style: Category selected as IM, select Yahoo! Messenger under Application.
    • Click  configure button to open the Edit Control App window.
    • Select Disable under Block
    • Leave the Log field to inherit what was selected under the parent category IM (Enabled).
    • Under Included Users/Groups, select the group Accounts.
    • Leave the Excluded Users/Groups as it is, which would be Use Category Settings (Managers)
    • Click OK.. This configuration would disable blocking for the group Accounts, which in turn would implicit enable blocking all other user group except Managers, who were excluded from all IM applications blocking in the parent category (IM).
      Image

    Configure Application - Skype

    • Select Skype under application.
    • Click  configure button to open the Edit Control App window.
    • Select Disable under Block.
    • Leave the Log field to inherit what was selected under the parent category IM (Enabled).
    • Under Included Users/Groups, select the group Marketing.
    • Leave the Excluded Users/Groups as it is, which would be Use Category Settings (Managers).
    • Click OK .This configuration would disable blocking for the group Marketing, which in turn would implicit enable blocking all other user group except Managers, who were excluded from all IM applications blocking in the parent category (IM).
      Image

    Configure Application - Trillian

    • Select Trillian under Application.
    • Click on the configure button to open the Edit Control App window.
    • Select Disable under Block.
    • Leave the Log field to inherit what was selected under the parent category IM (Enabled).
    • Under Included Users/Groups, select the group Accounts.
    • Leave the Excluded Users/Groups as it is, which would be Use Category Settings (Managers).
    • Click OK .This configuration would disable blocking for the group Accounts, which in turn would implicit enable blocking all other user group except Managers, who were excluded from all IM applications blocking in the parent category (IM).
      Image

    Configure Application - Windows Live Messenger

    • Select Windows Live Messenger under Application.
    • Click  configure button to open the Edit Control App window.
    • Select Disable under Block.
    • Leave the Log field to inherit what was selected under the parent category IM (Enabled).
    • Under Included Users/Groups, select All.
    • Leave the Excluded Users/Groups as it is, which would be Use Category Settings (Managers).
    • Click OK .This configuration would disable blocking for all users.
      Image 

    Summary

    By configuring the above we accomplish the following

    • User Group Managers : All IM applications.
    • User Group Accounts: Yahoo! Messenger & Trillian.
    • User Group Marketing: Skype.
    • Windows Live Messenger can be accessed by all users.

    Related Articles

    • How to change the HTTP and HTTPS management ports on UTM Appliances using CLI
    • Bandwidth usage and tracking in SonicWall
    • How to force an update of the Security Services Signatures from the Firewall GUI

    Categories

    • Firewalls > TZ Series > Application Firewall
    • Firewalls > SonicWall SuperMassive 9000 Series > Application Firewall
    • Firewalls > NSa Series > Application Firewall
    • Firewalls > NSv Series > Application Firewall

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top