Results 1 to 3 of 3
  1. #1
    Untanglit
    Join Date
    May 2020
    Posts
    15

    Question Application Control - But how to allow?

    Hello to all,

    I have a issue or I missunderstand how Exception-Rules work with Application Guard.

    What did I do?

    Apps -> Application Guard -> Applications = Filter "OpenVPN"
    I "Blocked" OpenVPN that is under the category "VPN and Tunneling"

    That works great - just love it...

    What I need to do is to "Allow" my Company Laptop to build up a connection via "OpenVPN" and nothing else.

    So I went to:
    Apps -> Application Guard -> Rules

    And created a Rule with the following conditions:
    Source Address: IP of Laptop (1.2.3.4) + Application Control: Application = OPENVPN --- The Result "Fail"
    Tagged: Tag name of Laptop (Example) + Application Control: Application = OPENVPN --- "Fail"
    or even
    Host Hostname + Destination Port (443) + Application Control: Application = OPENVPN --- "Fail"

    ATM I have the "Block" Checkmark off at the Application Control to do some work but would love to create a few exceptions that are involved with my Company Laptop.

    Best regards
    Val.

    P.S. SSL Inspection is excluded for this Device.

  2. #2
    Untanglit
    Join Date
    May 2020
    Posts
    15

    Default

    Hello again,

    could not wait and needed a solution.

    Found the following:

    Created a new Policy just for my Company Notebook under the Policy Manager and created a Rule that sez:
    Tagged => "My Notebook" Apply Policy

    The Rack for the Policy:
    Webfilter and Firewall are more then I need since I use OpenVPN to SSL in to my Company.

    Firewall Rule:
    Allow HTTPS - Destination Port 443
    Default Deny - (Created a no conditions Rule) that does this! -> Destination 0.0.0.0/0.0.0.0 - Port Range 0-65535

    That was it and works like a charm.

    Best regards
    Val.
    Last edited by Valvaris; 05-19-2020 at 04:23 PM.

  3. #3
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,012

    Default

    Thats good, you found a way.

    On the original [Application Control] approach,
    I would try doing a block rule in rules, and add the pass rule above it.

    Don't try to mix-and match the logic in NGFW from different areas.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2