Allowing only software updates
Some departments at Example Corporation do not require access to the Internet to perform their duties. Management therefore decided to block their Internet access. Software updates quickly became an issue because automatic updates will not function without Internet access and manual application of updates is time-consuming.
The solution is configuring application control to allow only automatic software updates to access the Internet.
To create an application sensor — web-based manager
1. Go to Security Profiles > Application Control.
2. Select the Create New icon in the title bar of the Edit Application Sensor window.
3. In the Name field, enter Updates_Only as the application sensor name.
4. Using the left-click and drop down on the items in the Category list...
a. Select Monitor from the dropdown menu.
b. Select Block for the rest of the categories.
5. Select OK.
To create an application sensor — CLI
config application list
edit Updates_Only
config entries
edit 1
set category 17
set action pass
end
set other-application-action block
set unknown-application-action block
end
| You will notice that there are some differences in the naming convention between the Web Based Interface and the CLI. For instance the Action in the CLI is “pass” and the Action in the Web Based Manager is “Monitor”. |