Application Firewall Overview
The Application Firewall section lets you control the flow of traffic through the SSE service firewall.
What is Application Firewall?
The Application Firewall is an L3/L4 firewall, or FWaaS (Firewall as a Service), that enables an organization to control the flow of traffic to and from an application or service. It features IP and port filtering, protocol control, geo-blocking, and user control.

Next-Generation Deep Packet Inspection
Applying policies solely based on ports instead of applications makes the system vulnerable to bypass attacks and unable to detect malicious traffic using legitimate ports, such as C&C server communications.

NG-DPI blocks unauthorized network applications by filtering over 2,500 types of network applications, including messengers, VPNs, and web storage services.
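
The gap between port-based and application-based policy described above, as an added example (not part of the product or its documentation). The rules, function names and sample flows are assumptions constructed for illustration, and the payload signatures are deliberately simplified compared with a real DPI engine.

```python
# Added illustration: a port-only rule versus payload-based application
# identification. All rules and flows below are constructed samples.

ALLOWED_PORTS = {443}   # assumed port-only policy: "allow HTTPS"
ALLOWED_APPS = {"tls"}  # assumed application-aware policy: allow real TLS only

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")

def identify_app(payload: bytes) -> str:
    """Classify a flow from the first bytes the client sends."""
    # TLS record: content type 0x16 (handshake), major version 0x03,
    # then handshake type 0x01 (ClientHello) at offset 5.
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    if payload.startswith(b"SSH-"):   # SSH identification string (RFC 4253)
        return "ssh"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

def port_verdict(flow: dict) -> str:
    return "allow" if flow["dport"] in ALLOWED_PORTS else "block"

def app_verdict(flow: dict) -> str:
    return "allow" if identify_app(flow["payload"]) in ALLOWED_APPS else "block"

def port_policy_gaps(flows: list) -> list:
    """Flows the port-only rule allows but the application-aware rule blocks."""
    return [(f["name"], identify_app(f["payload"])) for f in flows
            if port_verdict(f) == "allow" and app_verdict(f) == "block"]

# Constructed sample flows: destination port plus first client bytes.
SAMPLE_FLOWS = [
    {"name": "browser-https", "dport": 443,
     "payload": bytes.fromhex("16030100c8010000c40303")},
    {"name": "ssh-on-443", "dport": 443, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"name": "plain-http-on-443", "dport": 443,
     "payload": b"POST /data HTTP/1.1\r\n"},
    {"name": "opaque-binary-on-443", "dport": 443,
     "payload": bytes.fromhex("a1b2c3d4e5f60718")},
    {"name": "telnet", "dport": 23, "payload": b"\xff\xfd\x18"},
]

if __name__ == "__main__":
    for name, app in port_policy_gaps(SAMPLE_FLOWS):
        print(f"{name}: passes the port rule, identified as {app}")
```

Every flow reported by `port_policy_gaps` uses a permitted port yet is not the application that port was opened for, which is the case a port-only rule cannot see.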
Application Firewall Menu
The Application Firewall menu has two sections: Policy and Application Group.
Policy Menu
The Policy section is the main section for configuration and is where policies are created. Rules created in this menu control traffic to and from different IP addresses, geolocations, users, and services such as TCP or UDP. Below is an overview of the menu.

| Search | Lets the user search for a policy using a set of parameters |
| Create | Opens the policy creation menu |
| Activate | Turns a previously created policy on or off |

Clicking the Create button opens a secondary menu where the policy can be configured.
For the example below, all options have been selected to show every possible option when creating a rule.


Source
| User | The source user (the user connected to the connector) accessing through the firewall |
| IP | The IP address or IP address range being used to access the application |
| Country | The country from which the user is accessing through the firewall. In practice, this is where the user is currently located |
Destination
| User | The destination user packets are being sent to |
| IP | The destination IP address or IP address range packets are being sent to |
| Country | The geolocation of the destination IP/Application |
Service
| App Protocol | Identifies network traffic whose behavior follows that of the selected application protocol |
| Application | Targets applications themselves, blocking the software |
| TCP | Connection-oriented protocol that ensures reliable delivery. Commonly used for Web (HTTP/HTTPS), Email (SMTP), SSH, etc. |
| UDP | Connectionless protocol, faster but no delivery guarantee. Used commonly for DNS, NTP, VoIP, VPN (IKE) etc. |