Blocking mobile applications on Firepower helps prevent the use of applications that could be risky or have low business relevance in some companies. Today we are going to create rules on Cisco Firepower that block "Snapchat" as an example.
First, there are two ways to block an application:
1. Blocking with a rule that uses Objects
2. Blocking the application directly in a rule
Blocking with Objects:
1. Create the application filter under Objects
Objects > Application Filters > Add Application Filter
Add a name for the application filter, then search for the application you want to add and filter in the rule. We will search for the Snapchat application, as you can see from the picture above. Click Add to Rule, then Save.
2. Add the application filter to be blocked by the Firepower policy
Policies > Access Control > select the policy to edit (in my case it's FMC_Access_policy)
3. Add a rule > add a name for the rule (SNAPCHAT-FILTER), tick the Enable option, and change the action to Block. Go to the Applications tab and search for the object we created earlier (APP-FILTER), which contains the Snapchat application, then click Add to Rule, then Add.
4. Finally, save the new rule using the Save option at the upper right of the page, then click Deploy, tick the devices you want to apply the rule to, and click Deploy.
After the deployment finishes, you can check your rule by going to Analysis > Connections > Connection Events
Note: you need to enable logging in the rule in order to see it in the events.
Method two, blocking directly:
This is a little bit easier to create. First you need to create a rule: go to Policies > Access Control > edit policy > add rule
Inside the rule, you just need to name the rule, change the action, and choose Snapchat from the applications list, then enable logging, click Add, then save and deploy (check the picture below). To see whether your rule is working, go to Analysis > Connections > Connection Events
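To go one step beyond eyeballing the Connection Events table, the following added example (not part of the original post) audits a CSV export of connection events and separates Snapchat connections blocked by SNAPCHAT-FILTER from Snapchat connections that got through, for example because an earlier rule in the policy matched first. The column names and the sample rows, including the ALLOW-INTERNET rule, are constructed assumptions; adjust them to the header of your own export.

```python
import csv
import io

RULE_NAME = "SNAPCHAT-FILTER"   # rule name used in this post
APP_NAME = "snapchat"

# Constructed sample export; column names are assumed, match them to your CSV.
SAMPLE_CSV = """First Packet,Action,Initiator IP,Responder IP,Application Protocol,Client,Web Application,Access Control Rule
2024-01-01 10:00:01,Block,10.0.0.15,203.0.113.10,HTTPS,SSL client,Snapchat,SNAPCHAT-FILTER
2024-01-01 10:00:07,Allow,10.0.0.22,203.0.113.11,HTTPS,Snapchat,,ALLOW-INTERNET
2024-01-01 10:01:30,Allow,10.0.0.15,198.51.100.5,HTTPS,Chrome,Google,ALLOW-INTERNET
2024-01-01 10:02:12,Block with reset,10.0.0.31,203.0.113.10,HTTPS,SSL client,Snapchat,SNAPCHAT-FILTER
"""

# Columns in which the detected application can appear
APP_COLUMNS = ("Application Protocol", "Client", "Web Application")


def is_snapchat(row):
    """True if any application column of the event identifies Snapchat."""
    return any(APP_NAME in (row.get(c) or "").lower() for c in APP_COLUMNS)


def audit(csv_text):
    """Split Snapchat events into blocked-by-our-rule and everything else."""
    blocked, leaked = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not is_snapchat(row):
            continue
        action = (row.get("Action") or "").lower()
        rule = row.get("Access Control Rule") or ""
        if action.startswith("block") and rule == RULE_NAME:
            blocked.append(row)
        else:
            leaked.append(row)  # allowed, or handled by a different rule
    return blocked, leaked


if __name__ == "__main__":
    blocked, leaked = audit(SAMPLE_CSV)
    print(f"{len(blocked)} Snapchat connection(s) blocked by {RULE_NAME}")
    for row in leaked:
        print("NOT blocked by the rule:", row["Initiator IP"], "->",
              row["Responder IP"], "action:", row["Action"],
              "rule:", row["Access Control Rule"])
```

Any row reported as not blocked names the rule that actually handled the connection, which is where to look when checking rule order in the policy.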
Good Luck