Selecting the application sensor in a security policy

Chapter 15 Unified Threat Management for FortiOS 5.0 : Application control : Video: Example of Application Control configurations. : Allowing only software updates : Selecting the application sensor in a security policy

An application sensor directs the FortiGate unit to scan network traffic only when it is selected in a security policy. When an application sensor is selected in a security policy, its settings are applied to all the traffic the security policy handles.

To select the application sensor in a security policy — web-based manager

1. Go to Policy > Policy > Policy.

2. Select a policy.

3. Select the Edit icon.

4. Under the heading Security Profiles toggle the button next to Application Control to turn it on.

5. In the drop down menu field next to the Application Control select the Updates_only list.

6. Select OK.

To select the application sensor in a security policy — CLI

config firewall policy

edit 1

set utm-status enable

set profile-protocol-options default

set application-list Updates_Only

end

Traffic handled by the security policy you modified will be scanned for application traffic. Software updates are permitted and all other application traffic is blocked.