Application Control Policy List Parent topic

Application Control > Policies
Companies often need to control or scan Internet applications such as Instant Messaging (IM), P2P, and streaming. The Application Control feature allows more than a simple allow-or-block option for all examples of applications within a category. This flexibility is provided because many companies have found specific functions of these applications are effective for conducting business. Granular application control allows you to not only block and allow an application like Facebook, for example, but you could also allow the application, and still block newly posted messages.
Administrators may want to allow the two most popular IM applications, but block the rest. For P2P, administrators may want to allow the transfer of files between employees within the corporate network, but prohibit external use.
Creating Application Control policies allows granular control of the functionality within the supported Internet-based application categories.
The Application Control policy list shows all policies on the system (for IPv4 and IPv6 addresses)—enabled as well as disabled. Go to Application Control > Policies. Click Add to create a new policy, or click a policy name to edit an existing one.
  • Enable Application Control—Globally controls the enabled status of all policies; overrides the status of an individual policy. Click Save after enabling or disabling Application Control. Enabling or disabling of the Application Control will not affect policies already created. They will be synchronized between HA nodes and are included in migration packages.
  • Add—Opens the Add Policy wizard that will take you through the steps of defining a new policy.
  • Priority—Sets the order of precedence—if two conflicting policies overlap in their scope, the policy with the higher priority (closer to 1) will be applied and the other ignored. MORE>>
    The Application Control policy manager first evaluates a given protocol request by determining which group, if any, the requesting client is a member, and then by evaluating which policy or policies are in effect for that group.
    If the client is affected by more than one policy, the policy with the highest priority is applied. No other policies in the list are evaluated for the criteria already found.
    • Note 1: The Application Control Global Policy is the default policy. It automatically applies to all users, but also always takes the lowest priority. Any policy above it in the list will take precedence.
    • Note 2: If you have notifications enabled (Notifications > HTTP/HTTPS Access Denied by Application Control), you will receive a message each time a file of the protocol is blocked.
  • Deploy Policies—Click this button after creating or modifying an Application Control policy to have it immediately take effect. This avoids waiting for the policy deployment interval.
  • Collapse and expand categories—The Expand icon (expand.gif) allows you to see the contents of all the application categories. The Collapse icon (collapse.gif) allows you to close all application categories.
  • Application Search—Type an application protocol name to search.
  • Granular Action Search—Select one or more granular actions to search for an application.
  • Action—Set actions Allow, Block, or Match Next Policy for selected applications.
  • Scheduling—Select scheduled times for the current policy by clicking the Choose scheduling drop-down list. For Scheduled Times, refer to Administration > IWSVA Configuration > Scheduled Times.
To view Application Control policies:
  1. Go to Application Control > Policies.
  2. Click the name of an existing policy to see the details about that policy. The Global Application Control policy is the default policy.
  3. To add a policy, see: Add Policy: Select Accounts.
See also: