Results 1 to 7 of 7
  1. #1
    Untangler
    Join Date
    Oct 2008
    Posts
    68

    Default Everything in Application Control is categorized as TCP or UDP

    Hello. I'm trying to setup Application Control to restrict access to inappropriate sites and gaming sites. This is setup in a home environment. I tried blocking and tagging everything in Application Control so I could then watch the reports and open things as necessary. The biggest issue I'm having right now is that everything is coming through as UDP and TCP rather than being tagged as a specific application and protochain.

    I tried watching some youtube videos and looked at the faqs but I'm still not finding what I have misconfigured.

    Any help is appreciated.

    Thanks

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,170

    Default

    Youtube uses QUIC which is UDP over HTTPS unless you block QUIC with Web Filter. Either way the session is encrypted so I would recommend using WebFilter instead as that uses SNI to classify HTTPS sessions.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Oct 2008
    Posts
    68

    Default

    I'm confused by your response. You are saying not to use Application Control? I was planning on using Web Filter as well, i just happen to be starting with Application Control.

    How can I block everything in application control and see in reports which application/protochain is blocking?

    Right now everything is showing up as UDP or TCP. If I enabling those two, everything passes. If I disable them, nothing passes.

    Thanks

  4. #4
    Master Untangler
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    557

    Default

    Perhaps you could post a screen shot of the report you're referring to. Looking at my reports, I'm having trouble picturing what you're seeing.

    In any event, I wouldn't normally block either TCP or UDP. Those are incredibly blunt instruments. Nor would I turn to Application Control to block sites, but to block applications. I think I follow you in the sense that these applications are hosted somewhere, but within Application Control I think in terms of applications, not sites. It's at that point that Web Filter would be my tool of choice.

  5. #5
    Newbie
    Join Date
    Nov 2017
    Posts
    2

    Default

    Realize thread is old, but if OP is still looking for a solution...

    This happened to me as well. May have been after I exported the App Control settings from the default policy and imported them into a new policy. In the session viewer and reports all the AC Application fields were empty and the Protochain fields only showed TCP or UDP.

    In violation of all troubleshooting rules, I removed all existing policies, the policy manager, and app control then reinstalled PM and AC. Apps are properly identified now in session viewer and reports. Going to follow better change control procedures from now on in case something breaks so I can submit valid bug reports. ;^)

  6. #6
    Untangler
    Join Date
    Oct 2008
    Posts
    68

    Default

    Thanks for the response. I believe I had also exported and imported, since there does't appear to be a easy way of blocking everything.

    I'm not using Policy Manager yet, but I will try to uninstall/reinstall AC and see if that fixes mine.

    Thanks for the suggestion!

  7. #7
    Master Untangler
    Join Date
    Aug 2016
    Posts
    164

    Default

    Digging up an old thread too ... but something I just discovered ...

    You have the Applications tab and the Rules tab.

    I had set certain applications for "Flag" via the Applications tab.

    In the Rules tab I then set certain rules for the same application to allow or permit accordingly depending on my rule.

    For some reason I could never get my rules to work right. They did not want to block ... they were just not reliable.

    I turned off the flagging for the various applications on the Application tab.

    My rules now starting behaving as expected! Ya!

    It appears that if you set the application via the Application tab, that tab seemed to override my rules.

    Hence, try using the Application tab OR use the Rule tab for a given application. I have not had much luck using both on a application.

    Of course once I post this folks will probably say ... "Duh" ...
    Untangle 14.0.0 (Build: 14.0.1.20180827) (Kernel: 4.9.0-7-untangle-amd64)
    QOTOM-Q355G4
    1.6-2.7 GHz Intel I5 5250U, 128GB SS mSATA, 4GB RAM DDR3L, 4 xRJ-45 Intel I211AT 10/100/1000 Controller

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2