Application Control Policies: Rules Parent topic

Application Control > Policies | Add > Select Account > Specify Rules
Application Control > Policies | Policy Name | Rule (to edit an existing policy)
Adding an Application Control policy is a two-step procedure. First, you create an account to specify the users to which the policy will apply, then assign Application Control rules to the policy.
Editing an Application Control policy requires clicking on the policy name, then clicking the Rule tab.
  • Enable policy— Enables or disables the individual policy; the global Application Control policy settings override the specifications of an individual policy.
  • Application Category— Choose an action for the protocols to which you want to restrict access. There are over 1000 categories segmented in 25 logical groups. Use the Search field to find specific application names.
  • Click on the "+" sign to expand a category and select specific protocols.
  • Click the protocol name to access a page with descriptions of the protocols.
    Note
    Note
    When you create a policy, current connections will not be blocked by the new policy. For example: If a user is logged on to Skype while an admin creates a policy to block Skype, the user can continue to use Skype. However, after the user logs off, they cannot log back on to Skype again because the policy will be in effect.
Use the following available filtering actions:
  • Deny Send Mail
  • Deny Upload File
  • Deny Download File
  • Deny Transfer File
  • Deny Post Message
  • Video Voice Call
  • Deny Play Media
Selecting the "allow", "block" or "match next policy" action can be supported by all applications, and other actions can be supported by part of the applications. As a result, the policy setting process is:
  • Option 1: Filtering Application Search
    • Enter application name at Application Search and click Search button, then the applications will be filtered out.
    • Select the applications that need actions set.
    • Go to Action, select the actions that apply to the selected application.
  • Option 2: Filtering Granular Action search
    • Select any action from Granular Action Search and click Search button, then the action-selectable applications will be filtered out.
    • Select more than one action under Granular Options from the application action list, and apply it.
  • Allow— User accounts can use the application normally. Application Control events are recorded if the administrator enables that setting. (See Application Control Settings for details.)
  • Block— User accounts cannot use this application. The network packets identified as part of this application will not be delivered. Application Control events can be recorded if the settings is enabled. (See Application Control Settings for details.) A log entry can also be created for this event.
  • Scheduling— Select the time object for the protocol for which you want to apply the action. (Restricted days and hours are defined at Administration > IWSVA Configuration > Scheduled Times.) Click Save to apply the filtering action to the selected protocols.
    Note
    Note
    Settings will take effect after the HTTP service is reloaded.
  • Note— Use to create policy notes, for example, to summarize the intent or justification for the policy. It can serve as a simple reminder or as a communication to others who could later administer this feature.
  • Click Save at the end of the rules list to return to the policy list.
  • In the policy list, click Deploy Policies when you are ready for the policy/policies to be deployed.
See also: