There are many applications which might be undesirable in educational institutions or business environments. While every effort might be taken to ensure only required applications are running on domain-joined or otherwise managed devices, it is often near impossible to put such restrictions on BYOD devices.
While many undesirable applications may simply represent an inappropriate use of time, some present a security risk and may allow users to bypass the Smoothwall Web Filter, permitting access to highly inappropriate or damaging material on the web.
Solution
Where application-level control is needed, we can deploy and configure Layer 7 Filtering on the Firewall to block applications on the internal network from accessing the Internet.
Prerequisites:
- You must have a licence for the Layer 7 Filter functionality.
- Your Smoothwall Filter and Firewall must be configured as a Firewall or a Bridge.
Process:
- Log into the Smoothwall admin GUI.
- Navigate to Network > Firewall > Firewall Rules.
- Click Add Section to create a new Firewall Slice, and name it appropriately, e.g. "Application Control".
- Hover your mouse over the new Slice and select Add Rule > Top of section.
- Name the new rule appropriately.
- Configure the new rule in the following manner:
  - Source IP addresses: leave blank.
  - Inbound Interface: All internal interfaces.
  - Destination IP addresses: leave blank.
  - Outbound interfaces: All external interfaces.
  - Services: leave blank.
  - Applications: Select the application categories, or individual apps within each category, to block. It is recommended that all of VPN/Tunnelling and Proxies be selected unless you have a specific requirement for some of the applications within them.
  - Groups: leave blank.
  - Action: Reject.
- Save the new rule.
This rule can be amended to add/remove applications as requirements change. Please note the Layer 7 rule can only be set to reject or drop traffic, not accept it.