NSE4_FGT-6.4 Fortinet NSE 4 – FortiOS 6.4 – FortiGate Firewall V6.4 Part 5
38. Lecture-38:Security Profile DNS Filter.
One is we will do DNS filter. Okay? So what is DNS filter? Domain name system. We discussed DNS in detail, I think in the last few weeks, either domain name system or domain name server. Okay? So basically DNS is translating fully qualified domain name to IP and IP to domain name. Okay? It’s like a phone book. Now, filter means filter. Definitely, it is just like a filter: whenever you want to filter something, we call them filter. So DNS Filter, the name is different, but it actually does the same job which we did through web yesterday.
It will do the same, like for a botnet. And if somebody wants to target your DNS and do something to enter your system and take over your system, botnet, we discussed botnet. What is botnet? So you can use DNS because these two things are normally allowed, like HTTP port and DNS and HTTPS. So there can be many attacks related to DNS and HTTPS. So you can use DNS filter to filter the thing. Also you can use DNS for parental control, like Safe Search. Safe Search means nobody... like a vulgar word. If somebody types pass in deck or something, this type of word, so it will not search. So we call them parental control.
Maybe your kids type something, or any of your, what is called, users or employees by mistake type some word which is vulgar, which is not... You can understand better than me. So it will stop you from searching those words. So it’s a good thing, by the way. So we can use DNS filter to block botnet. We can enable Safe Search, like on Google, Bing and YouTube and all those things, Dailymotion. So nobody can search anything which is not a good thing.
Porn search type of things, even the word you will not search through this one, either naked pictures or something. So you can stop it with the use of DNS filter. We can use them again. We will use the same topology. I have a very small topology, nothing configured. FortiGate and virtual machine. You can do the same thing in GNS3 and EVE basically. But because I licensed this version, so that’s why. So I have three interfaces. This one is the WAN interface, also my management interface. This one is the LAN segment, it is my LAN, and this one is DMZ. Right now I’m using only these two, WAN and LAN.
So if I need a system in LAN, I have to put that system on the LAN interface. So that’s why I put the XP system in the LAN segment. I change the interface. They have only one interface, put them in the LAN. If I put them in DMZ, it will shift to DMZ; if I make them NAT, it will go to outside. Okay? Anyway, it’s inside, and inside I assign range 100, which we know here, that’s my LAN, inside range 100. So that’s why I assign to this PC 192.168.1.2, same range IP, and I put the gateway 100, which is my firewall IP. And if I try to ping, I can reach my 100, my gateway. And because I put DNS as well, you have to put DNS IP as well. Let me show you in more detail here. It is very important so that you can reach Google as well, or any other service. So this is a simple topology. We are using this one.
So now I need to configure two, three things in DNS filter. Okay? So let’s go to Security Profiles, DNS Filter. So there is by default one DNS filter. If you want you can use this one, or you can edit it, or you can clone it. Because this is not our created one, we cannot delete them. It’s a default one and it’s not being used anywhere. Reference means it’s not used, and these are the comments. Click on Create New and create your own. So I will say DNS filter profile.
I give them this name and you can put comments up to 255 characters. Now it says redirect botnet requests to block portal. So these are the botnet button. We discussed robot network, when somebody is a zombie, we call them that as well, which I told you in the first lecture. But it requires a license. Because I already have a license, that’s why it’s showing me. These are the botnet domain name packages. These are all the botnet websites. So we can take any website and we can test them. Okay, so suppose any which is easy. This one, this is a bit easy. So let me copy this one. Okay, let me try, like this I can copy, or I need to type it, because I mentioned this website in the document. You can take any website to test, by the way. Okay, so it’s not copying. So let me: T-E-K-I-L-I-N-K-O Tk. This is a botnet website. One of them is mentioned here in botnet. They have so many botnet domains which are blacklisted, and botnet websites. Okay, so let’s test first. This one, I enable only this one. Yeah, botnet, not doing anything. Let me disable everything, I will tell you about this one, and okay, so my profile is ready.
Now let’s go to policy, firewall policy, and make them by sequence to show, and let’s go to security profile, remove filter so that we can test DNS properly; otherwise you can enable all together. So DNS, and the one which we created, DNS filter profile. So my DNS is ready now. Okay, and how can we check them? If we go to Logs and Report there is DNS Query, so nothing is there. These are the old ones which are allowed and everything, but there is no such thing. Let’s go to our inside system and try any botnet website, which is a dangerous one which can take your control. So if I type, what was the, let me copy this one from that list, you can copy any one. Okay, let’s do, can they block us? Let me do it as a hidden. By the way, it has to show me a message. Sometimes it will stop you but will not show you the banner, due to that license. So it’s not reachable.
By the way, maybe after, let me see the traffic. If I come here and see, so it said DNS response.
OK. And another thing, the best way to verify is to go to dashboard, and there is a botnet. Let me check. It was here, no, it was in security tab, botnet related. It was somewhere, top vendable. No, there was, okay, that was in the old one, because I installed the new one, but it has to be here. By the way, let me go to status and see. It is CPU related and no. So let’s see here, there was one botnet-related widget which can show you the top botnet websites. So it’s not showing me. Okay, let me copy another website. It looks like this one is not working.
So if we go to security profile, DNS Filter, and our default one and click here. Okay. And let’s take another example which is this one, which is a bit easy. This you can write quickly. These are the list of botnet websites. By the way, you can stop them by DNS filter. grojpof.com. Okay. And let’s try this one. If we go here and paste them, okay, so it’s not reachable. It means either that your site is not available or it’s been stopped by DNS. So if we go to report and try here, DNS query, okay, it’s showing me here but it’s showing as a query. It has to show me other detail. And also I don’t know, in the new one they removed that one.
The botnet is like this one. If I can show you here, if you enable them and try from here, okay, so it will show you a banner like this one. And dashboard status, there is botnet activities, it will show you there and also in DNS query. But in both cases it’s not showing us in this new firewall. For some reason they removed the botnet from here. Maybe you can add from Add Widget, right? Yeah, it can be it, but maybe the botnet is true. Let’s see, maybe it’s not enabled by default. No, it’s not here. So it should be in the security one, and the new one is recently released. So they changed something. But I said let me try them. Normally it’s not changing everything but just a bit. So I cannot see here the botnet activities. Maybe they gave them some different name. Botnet here. Yeah, thank you. Now let’s see top botnet. Okay. Yeah, it’s okay, now it’s showing you.
So let me make them bigger to see properly here. And we can see there is blocked domain, two. And let’s check botnet activities. So if those two websites are here, yes, so it’s working now. So hit count, we checked this one a few times. Okay. We refreshed them in this one. Okay. And if we try another one, it will come here. So this is the best way to recognize them and to verify. So you can see it’s a blocked domain. If you are not sure, let’s try another website from there. So if we go to, not Policy, Security Profile, DNS, okay. And let’s try another website from botnet domains. These are malicious botnet domains. It’s huge, it’s not one, two, three like this one. It’s so many. Okay. But you can stop them through DNS filter. That’s the only way to do it. So let me try. V-O-L-I-G-O-N-C-N. It’s correct. Here, let’s go there. By the way, it will show you the banner as well. For some reason it’s not showing me but it’s okay. It’s not reachable. And if we go to Dashboard and go to security tab and check botnet, it has to be three now. So if you click and check botnet activities. So the third one which we have, Vol, is here now. Okay? So it’s showing you botnet name, botnet. There are so many names. They have every botnet here. They are different, where some of them spy, some of them are working other, some of them will increase your CPU and so many, so forget about the name. I don’t know if they have so many names. And these are the hit count which is showing. So that’s the first thing which we can do through DNS filter, to stop the botnet activities. So let me stop the botnet. I want to test something else.
Another thing they can do for you is Safe Search, which I told you, in DNS. Safe Search means like a vulgar word, which I told you, you can stop those things. So let me do first, can I go to Bing? This is a search engine like Google. And if I say Adult Swim or something, so both words are vulgar. Type for organization adult and Swim. So I can type Adult Swim and I can visit them as well. Okay, if I click it once, it’s just due to certificate. Otherwise it will go there. So yes, it’s showing me, no issue. But in Bing.com, I searched them and it tells me nothing. Let me go back to Bing.com. Okay. So I search here Adult Swim. Now let me go back, and I want Safe Search. This one will be done already. This one, Enforce 'Safe Search' on Google, Bing and YouTube. So I say enable and strict. Moderate means it will moderate, like the word which is more vulgar. It will stop that one.
But strict means any word like adult is also coming under strict. So if I, okay, because it’s already enabled, so I don’t need to go to Policy and Objects, and let me try again. So I’m in Bing. Let me refresh and type Adult Swim again, the same thing which I searched before. So by the way, it has to stop me in the first place. Let’s see, can I go there or can it stop me. So no, it didn’t stop me for some reason. It’s already in this one. I applied them. Yeah, I need to check them. Yes, click and Safe Search. So if I say enter, by the way it has to stop me in the first place. So let’s try Google.com. Sometimes it’s not working properly because we are using the old browser and certificate is not enabled also. So it will not give you the accurate result at the time if I say adult or any other thing, but the only thing which I mentioned there, so that’s why I’m showing you this. It has to stop me here. Okay? So no, it’s searching here. So let me close the browser and test any other browser, or open this one and delete the history and everything. So let me open, and also let me open this one again to check, double check, and also we can do here one thing more to test properly. This is all about certificate.
We haven’t installed the certificate, so sometimes they are not catching the words properly, and also I’m using an old browser as well. It’s better to use Windows 7 with the latest browser. So let me go to this one. Okay. And let’s try a search engine. Any search engine like Google or YouTube or Bing.com, and type anything which is, okay. Let me try this time. If it is not working, at least you get the idea of it. Basically it will stop such words. By the way, it has to show me, even if I enter, it has to stop me, so it never stopped me. Okay, it will be like this one, let me show you. So this one. Okay, let’s go there. Yeah. So when you type, it will block you. Web page has been blocked. The same example I’m giving you, Adult Swim. So if you go to Adult Swim, because two words are coming there, adult, so it will stop you from searching. Okay? It will give you an error like this one.
Any other word, I don’t know what word to give them. I cannot give any word because it’s not a good way to give anything bad here. So that’s why I’m typing adult something. If you type any porn picture or something, so maybe it will stop you properly rather than to use either, let me type it as bitter. It’s not a good way but let me type another word. Okay? If I go to Bing or Google.com, okay, and type here. Okay, let’s see now. So it’s not working properly. It has to stop me for such words which I don’t want to write here. Like you understand, try them, such type of words, it will stop you from searching, it will stop you in the first place. Okay? So that’s what we use here, Enforce 'Safe Search' on Google, Bing and YouTube, and you have to set this as strict, okay?
Another one is FortiGuard category-based filter, the one which we use here. If I enable, let me disable this one, it’s not working properly, but anyway you understand that. Here is the same thing which we use. In web filter there are also categories like pornography, abortion and all those things, gambling, okay, dating, weapons, sex education and all those, and again allow, monitor and redirect to block portal. Okay, so suppose I want to stop anything which is already allowed, like streaming media, which we did there as well. So if I click here and I will say redirect to block portal. Block portal you can configure here, redirect block portal, use FortiGuard default, or you can specify your own and put the banner, okay, there. But anyway, in this case I want to use the FortiGuard default banner. Redirect, they will redirect me here.
So in streaming media, which we think are coming under this one, you do discuss this one and this one, yeah, it’s the same thing. So if I apply, okay, and let’s try streaming media. So streaming media like YouTube and Dailymotion. If I say YouTube.com, it has to stop me from accessing, or Dailymotion, okay? So we are using basically web page blocked. You have tried to access a web page which belongs to a category that is blocked. Even though I’m not using any other thing. If I go to Policy and Objects, maybe you think that this is blocked by web filter. We are only using DNS filter; everything, web filter, is disabled. Antivirus is disabled. So this thing blocks them. And how do we know? If you go to Logs and Report and DNS Query, you will see the traffic here, this is the YouTube. And also you can go to dashboard, and also you can check from, not dashboard, here as well, session, it will show you all the sessions. There is another one, again they changed them, and security as well.
And those things, it will show you that it has been blocked. Okay? So it means DNS filter can do the same job which is done by web filter. Let me go back to security profile, DNS and default DNS. So this one is done, Safe Search is done. We can use the category, and let me close this one. What else can we do? Domain filter, we can use the same, our static, like the one which we’ve done here. So you can use this one, just create new, and again simple, regex. Suppose if I say Facebook.com, it’s the same thing, and redirect to here, or allowed or monitored. Redirect means block portal, which they configure, this one, this redirect, they will show you this one. Okay? And you want to enable this rule, facebook.com, and if I say okay, let me type www as well, and this will be redirect, if I will disable the other one. Yeah, so it means only this one will be denied, Facebook. YouTube will be right now, because I removed that one in the policy. So it’s working now. And if I say Facebook, let me type here facebook, so it will redirect to the same banner which they show me, and the YouTube as well. So let’s see Facebook.com. So go to advanced. Okay, so for some reason they are not giving me proper results. Do it like this way and go to Facebook. Okay, so after a while it will stop you.
And then the next thing, if I go to DNS filter, so domain, default. Okay, what else can we do through this one? If I disable this one, there is external IP block list. You can give them external IP. You can create your own external range. There are so many block list IPs. If you want to block those domains and IPs, create a file and redirect here, so it will stop those IPs. You can create here. If you say create, let me show you, okay, from external as well. And also you can create your own web URL as well. Put all your IPs, and if you want to put username and password in there. Suppose I give them any name, URL for resource, there is a list. Let me go to block list IP ranges, no, sorry, there’s none, block list IP URL. We configured in our one as well. Okay, so there is a list, so many websites you can take from there. So let me try this one, now this one is only a few. So let’s go to the one where we have so many in the list. Basically in those lists they mention IPs which are blacklisted, like Russian and Chinese, and those IPs have been blacklisted. I’m searching for that one. I forgot the actual one which we have a list. Let me go to, my goodness, I totally forgot the list of suspicious IP list. It’s like a text file. You can say it may be from this one. If I check, okay, if I go to any link they don’t have. Normally when you search, a huge list will come. Okay? So you can put that list and you can block them. Anyway, I need to search them first and then, anyway, let me suppose this one, yeah, there is a full list in this one. When I search, I will show you, and you have to put that list, external URL, resource link URL, and if there is a username and password, and okay, it will come here and those IPs will be blocked if they are coming inside to your zone.
Okay, then DNS translation, limit this one, and redirect portal. I already told you this. The one which FortiGate uses, and you can specify your own one as well. Allow DNS Request. One rating.
This is related to rating, which I told you there in web filter as well. So this is related to rating, and log all DNS queries and responses. Anything DNS related will be logged here, which was here. So you can enable this one. So this is DNS filter. You can do so many things, anything like web filter stuff, and also you can put Safe Search and botnet websites and also external IP ranges, and you can block static domains as well. Okay.
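The GUI steps of Lecture 38 written as FortiOS CLI, as an added example that is not part of the lecture or of Fortinet's documentation. The profile name, the domain-filter table ID and name, the policy ID 1, and category ID 25 for streaming media are assumptions to adapt to your own unit; lines starting with `#` are annotations for the reader.

```fortios
# Static domain filter table. Table ID 1 and its name are assumptions.
# The GUI action "Redirect to Block Portal" is "block" here.
config dnsfilter domain-filter
    edit 1
        set name "lab-domain-filter"
        config entries
            edit 1
                set domain "www.facebook.com"
                set type simple
                set action block
                set status enable
            next
        end
    next
end

# DNS filter profile: botnet blocking, Safe Search (strict),
# one FortiGuard category, the static table above, full DNS logging.
# Category 25 is assumed to be the streaming media category;
# confirm the ID in the category list of your own unit.
config dnsfilter profile
    edit "DNS_Filter_Profile"
        config domain-filter
            set domain-filter-table 1
        end
        config ftgd-dns
            config filters
                edit 1
                    set category 25
                    set action block
                next
            end
        end
        set block-botnet enable
        set safe-search enable
        set youtube-restrict strict
        set block-action redirect
        set sdns-domain-log enable
        set log-all-domain enable
    next
end

# Attach the profile to the LAN-to-WAN policy. Policy ID 1 is an assumption.
# Web filter and antivirus stay off so that only the DNS filter is tested.
config firewall policy
    edit 1
        set utm-status enable
        set dnsfilter-profile "DNS_Filter_Profile"
    next
end
```

Blocked lookups then appear under Logs and Report, DNS Query, which is where the lecture verifies the result.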
39. Lecture-39:Security Profile Application Control.
Means anything, like Facebook is an application, Twitter is an application, Facebook chat is another application, Facebook, what we call chat room, is another application, content which we write, the videos, IO or streaming, all those are separate applications. So in the firewall these are called applications, in next generation firewall, and this is the beauty of next generation firewall, to recognize and stop and allow and control the traffic based on application, and it’s a good thing. Like if you want it, I want to allow Facebook but I want to stop chat, yes, it’s possible through next generation firewall. So this is called application control. You can control the application using an application control profile, you can standardize, you can control by application, not by port, not by protocol. As I give you an example, normally we are using Facebook, this is why I am giving you the example of Facebook. And in Facebook, when you log in, there is a chat room as well, there is file uploading as well, there is, when you put your messaging, I don’t know what that is called, the content window type. So you can say that Facebook is allowed but nobody can watch the video, nobody can do the chat, so you can control them by application control.
So this is called application control. So again we will use the same topology. It’s my internal system which is connected, and here is the firewall, and we are connected with the NAT interface outside. So what can we do, let’s go to application control. Here is application control again. There are three default ones already created for us. Block high risk. Only high risk applications will be blocked. Default one, which normally does monitor only, and monitor, we know it will generate log, but it will never stop them. And the third one is for WiFi. Again, you can clone them, you can edit them and you can delete them. And you can search, and reference means this one is used somewhere. But let’s create our own one. So I say application control, and here I will say control profile. I give them this name. You can type comments if you want. These are the categories, predefined categories they have. Point to point is blocked. Point to point means these BitTorrent and all those, Skype communication and all those, we call them P2P, okay? And this I icon basically you can see from here, I means this is monitored, tick mark means allowed, and this one is blocked, and this means quarantine, means for some time it will keep them in what we call quarantine. So these are their default categories.
Proxy is blocked, and what is unknown application is allowed, web client and everything is monitor only. It means the default one which is showing here is not a good one. Suppose you want to test social media. Social media means there are so many things coming under this category. If you want to see the signatures, these are social media applications. The ones which we normally know. Let me type Facebook. So Facebook, Twitter we know, and the other one, I think so, LinkedIn is also coming under this one. Yes. So these three we know. That’s why I just need to show you. These are our applications. LinkedIn, Facebook. If I say Facebook, it is not one application, inside they have applications like button, personal plugin, search, workplace, okay. And then download, upload, everything you can control, chat and everything. Instagram is also coming under this category. So this is social media. 1116 applications are there. And 31 is cloud-based applications. This cloud is the sign, the cloud is showing you. And this number means that there are 1116 applications inside social media. 168 inside proxy and 47 inside cloud, and it means these all will be monitored. And this one means to block them. And this green means allowed. So suppose we want to block social media for the organization.
Click on this icon. So this is monitor, allow, block, quarantine, view the signatures and view cloud signatures. This signature means the application which you want to see, if you want to see the list of 1116 applications. Anyway, I say block, I don’t need social media applications, and okay, so my application control profile is ready. Go to Policy and Objects and go to allow all, edit. Okay, remove this one because we want to properly test application control, and choose the one which we created and apply. Okay, so before, Facebook was reachable. If we test them again it has to be stopped. And also Twitter. And also the other application which we said, LinkedIn. So the message, application control, application has been blocked because the category is social media, and nothing is, okay. Down if you go, nothing more. And I told you, this banner, application control panel. If you want to modify, go to System, Replacement Messages. This time the replacement message is related to application control. So application control, go to extended view. This one is a bit. So it’s better to search here. So this is application control block page. If I click this one, you will see that message. The one which is mentioned here. LinkedIn. Let me change this one so that we can see this can be changed or not.
So let me go to, if, okay. If it is coming, to search here is difficult. So let’s do it our own. I don’t know where this has been written. So I need to search this in the XML file. Yes. Okay. What am, this one? Application control. Let me type here ABC just to show you, and refresh this one. It will be 48 application ABC. So it means it’s working. This banner is taken from here, which I told you yesterday. And the same will be Facebook, LinkedIn, and all those things will be blocked. Another one is Twitter. Let’s try Twitter as well. So let me type from here. So it will give you the same banner message. Also Instagram. Okay. And Twitter is not reachable. In some cases it will not reach them, sometimes it will show you the banner properly. And also Instagram was also coming under this category. Again, it will show you this pinstall. So it’s not reachable and we can verify this one. Go to Logs and Report and there is Application Control. Okay, this one under Logs and Report, Application Control, that will show you the result. So Instagram has been blocked, but it was not showing proper result. I told you this is due to certificate, and also LinkedIn was only working. Okay, yeah, this one is working properly. Twitter, I think so, it was not working properly. But anyway, it will show you here.
So Instagram. Twitter is blocked. Instagram is blocked, okay. And these are the actions. Who says this? This one under Logs and Report, Application Control told me this one, this application is being blocked because we applied this rule here, okay? And also you can verify in forward traffic as well. So it says that Twitter has been blocked by UTM block. Okay, denied, forwarding. And also I don’t know, because they just changed a bit. So it was somewhere here as well, Application Control, and this new one has a bit of changes. So I need to search that one. It’s the botnet related, by the way. And also there is application, I don’t know, it will show here and now in the new one. So it’s showing me this time. So these are the applications which we accessed, Twitter, LinkedIn, Instagram and Google. So these are called applications, and these are the risk factor and category of every one. Like Twitter is coming under social media. And these are the graphs of what we accessed in the last 1 hour. You can change them to 24 and search and make them bigger and so on. And also in session, you can see all the sessions which were created. So we did one thing, Application Control, but we used the default category. So let’s go back to Security Profile. Go to application control. Click on your own which you created, your custom one, and say that I do need this one. Click on monitor, remove this category, let’s go down. They say network protocol enforcement. What is network protocol enforcement? If I enable, you can put that the protocol has to use the default port number. If I click, and port number 80. Suppose in enforcement I say that HTTP has to work all the time on port 80. If a violation occurs, block them. Another one, I told them that port 443 is built in for HTTPS. If HTTPS is coming from any other port number, block them. We can test them. So let me do another XP and change the port number. I have another XP, XP outside.
And let me put this XP as an outside. I just told you, just change the interface so it will become outside. It’s now outside and on. So my FortiGate has two interfaces. NAT is the outside and LAN segment is the inside. So I put one XP outside, and this NAT, I put the new XP in this subnet. And I have XP inside in this segment. So this is just like an outside system for me, like Google, Facebook, whatever. Here I will enable HTTP. Okay, let me see the IP address first, which IP we will assign. Because outside we are using 114 IP. This is my subnet. Outside we have this, the outside 114. So let me check my IP. So we have to assign, change this IP, either make them default one or let’s put it statically: 192.168.114, suppose 150, and 192.168.114. What is our outside range? 133 is the gateway and this the 88 is the, so this becomes like an external system for me. And I hope so I will be reachable from inside. Let me try them. Ping 192.168.114.150. I assigned this one. So yes, I’m reachable. So on external XP, let me enable, sorry, here is XP. This one, Zim server, and configure Zim server with the IP, click here. And this is our IP, 150. Let me use the default port first, it will start. So port 80 and 443 are the default ports for the web server. From inside XP, let me access this IP 192.168.114.153, the web server will be accessible. Yeah, this server, this is server five.
So it allowed me, firewall, because firewall says okay, no issue, because the server you are accessing is HTTP, they are using port 80. And yes, it’s true, I’m using port 80. Let me change it, Apache, and I will say use port 8080 rather than 80, stop and start. Now I changed my port number. So if I try from XP inside, it will not work. But you will say because you changed the port. So yeah, let me type the port 8080. Still okay, it’s accessible. By the way, it is going to be, so let me copy them and open in incognito because sometimes it’s taking from history. Okay, so it’s accessible. Why? So I need to go back. I need to check why it allowed them not on the default port. So let’s go to application control. Go to the application profile which we created, custom one. Okay. I did not supply. Yes, if I say violation occurred, to stop them, HTTP, for some reason I don’t know why they did not stop them, HTTP. I told them if HTTP is using any other port beside that, block them. So by the way, everything is okay. Nothing is, let me double check. Yes, it has to stop them. And I already applied this one here, let me double check. So it has to mention here. So let me try again. By the way, they haven’t to allow you the port which is not a standard port. So I told them, don’t allow this one. And they have to give you a message, a warning message that in this port. But unfortunately, for some reason, everything is this time not working for me.
Now, let me show you. Here. If I did it here, okay? Standard port. If I did it, I didn’t. Somewhere here. It should be here. But it will stop you. Let me go back to security profile, application control. So application control is not only doing application control, but you can do an extra job. One of these is this one, network protocol enforcement, that these protocols have to work on these ports; if a violation occurs, block them. For me it’s not working this time. I don’t know why, I need to troubleshoot them. Then let me remove this one now. No need anymore. Another thing is here, application and filter overrides. You can use your custom. These are all the applications. How many applications? Two 1119 application, it’s written here as well. These are altogether the application categories, like 4shared, like what is called gmail.com, yahoo.com, ABC.com, and all those things are considered applications, so we have that many applications. Maybe you need to deny some specific application which is not mentioned in this category. We used this category, this is a built-in category. Maybe I want to allow Facebook but I want to stop Twitter, can I do it here? No.
If I say block, it will block every social media let me allow but here I can do my own choice of thing so I came here it said type application or filter you want to apply your own filter either by implication you want to select and which action you want to take monitor just to generate logs and it will be allowed? Allowed it will allow, but no logs generated block definitely you want to block them in current time to keep them for some time it will not work when their threshold is reached so they will allow them for time being. So which thing you want to do? Because block we can see the result so I will say block and add all result which thing you add? It will show you here. So I didn’t add anything here my selected okay selected all by the way so let me go to all again. So it’s up to you. You want to filter either you want to select here and remove selection either ed because I selected all together I don’t want to remove all by the way and let me select all and remove all. It will show you zero here because I didn’t select by mistake. I select all and it’s added. So it’s up to you. You can do it one by one here search suppose if I say I want to stop the Facebook related anything search it and select Facebook.
Select, sorry, Control and select, select, okay, and Facebook. Anything related to Facebook I want to stop. Okay, up to this point, yes, enough. And when you select them, add to selected. So 1255 applications are being selected. By the way, why select too much? Okay? The yellow ones, they are also selected. Okay. So all these applications which you selected, it will come here I think. So I did not select. Okay, let me go back, just 1 minute. It will come up. Either it was selected but too much. So it takes time. So either I did not select, either I selected too much. I was just showing you Facebook. That’s why I select a minimum one. Because it requires more range to generate. So that’s why let me stop this one. Okay. So I am big here. It’s better to do it by filter. Filter is easy. Okay. So let me select Facebook. Facebook and search, so Facebook-related applications. Okay, they are selected, and here is add. Either let me do by... It is better to do it here. Suppose if I want to do multiple social media. Social media related. Okay? And now select all social media. I need an easy way to do it to show you, okay? So social media is added and press OK. They changed the way. It says, oh my goodness. It says selected by select social media. Okay, and let me do it Facebook. You can select them, and select Control for multiple selection, and Shift if you want more. And when you click at the end, it will select up to that point. Okay. And press OK.
For some reason why they are not selecting for me. If I’m doing something, rather there should be one button. Before, when you click, they have to add it, when it is not there in this new one. Anyway, let me do it again, something. Okay. By the way, you can do filter by popularity as well. By application category as well, by behavior as well. So filter will give you more control if you want to do it this way. Like suppose if I want any risk application. Okay. So you can select this high risk application and all this. Okay, it’s selected. Okay. So you can select this way. Okay, they are selected. Last time this was too many applications. So in this way I told them block action. These are the applications and this is my filter. There are two methods. I showed you, by the way. If I delete this one and this one, if I do it again. So two ways. One is by application, the other is filter. Filter is nothing but it will filter for you and give you by category and by any popularity and technology, anything. You can choose them by application. You have to choose and add. So it’s up to you. So if I say Facebook, okay, and let me select. It’s selected. It was before I was searching for this one. Now you can select many and just say add to selected, if you are using by application. Okay, is this enough? Nine selected here. I selected nine with this tick mark, these applications. I want to block them, and okay, it will come here. So this is by application, and another way is filter. If you want to filter the applications, click on filter here and which thing you want. Like botnet, cloud. This is by behavior and this one is by application category. And this is popularity.
Suppose we need high risk applications. I want to stop all high risk applications. So I choose all these risk applications and okay. So two things we can do: by application and by filter. Action is block. So this is the one where I have application and also filter overrides. That’s why it’s mentioned to name here, and now it’s okay and done. And because it’s already attached, if I go back to my XP. So hopefully Facebook will not work. It’s better to show you from here. Click on this one. It will show you a banner again if everything is working properly. And also risk application. So a risk application is this one. You remember this one which we tested. So look, it is not going there. FortiGate application, test the risky website. Yesterday we tested them for viruses, and for Facebook. Let’s see. So for some reason, again the same issue, Facebook is not showing me properly. It has to show the same banner like this one. And to verify application control, go to Log & Report. And there is Application Control. It will tell you about Facebook and their website. So Facebook is blocked, but for some reason it’s not showing me the banner. And also this website. This is coming under risky application, because we chose two things: filter, risky application, and application.
We chose Facebook. So that’s why it’s showing me block. Block this one, and also this website which we tested yesterday, which we went into in detail; it’s coming under risk. Which risk? This one stills category, and all the detail is mentioned here. Okay, so let’s go back to Security Profiles, Application Control. What else we can do with this application aided. So they have predefined categories. We can block and allow those. We can allow protocol enforcement, and we have our own. Let me delete them. We don’t need them, we tested them. Then there is block applications detected on non-default ports. They think the one which was that will be enforced not to block. This one is block applications detected on non-default ports. So I need to on the XP again, where I was showing you the same result. It will work now. By the way, this one is a different one. I told them that always HTTP has to be enforced to work on those ports. But it will work on other ports as well. But this one is block applications detected on non-default ports, which I was talking about. And this one, allow and log DNS traffic. Definitely DNS traffic will be logged. Okay. And what is QUIC? QUIC is basically a protocol, a new protocol in the browser.
Normally when something is not working, this is for UDP traffic. Okay, so we are coming here and deny or allow them. Here is QUIC anyway, it’s somewhere. I need to find out one place where we can check that QUIC. Let me search it. I don’t know why I forget everything at the right time. QUIC protocol and Google Chrome. So QUIC. Quick UDP Internet Connection is an experimental protocol. Normally when your proxy is not working, any other thing. So you have to come here and disable this one. The same we’ve done in our organization as well. Our proxy was giving issues, so we went there, and you can enable here. That means you have to go this way and you will find the QUIC protocol somewhere, which they mentioned here. So if I say here, so that’s why they mentioned disable. Because I told you I already disabled it in all our organization; our proxy had some issue. So the tech team told me to disable this, then the proxy will work properly. So then we used a script to disable it in all the organization. Anyway, so that’s why it’s mentioned here as well. Where was this one, to allow or block. So you can do the same job from your firewall as well. And definitely replacement message, HTTP-based application. That replacement message, I told you it has to be HTTP based. The last thing which I need to show you: block applications detected on non-default ports, which I was talking about. So I remove everything, only enable this one, and okay. It’s the last thing to show you. So now let me enable this one and start. So 80 88 will not work; before it was working. Okay, and what was the IP address? 150. So if I click, okay, it’s again coming. Why? Let me do it this way. For some reason, I don’t know why, it’s not blocking me. Okay, let me get this one. And also block application. Yeah, it’s okay now. So it says that FortiGate application block UI, because I’m not using the standard port. So it means these two have to work together here to replace them. I can’t remember you guys never touch them.
So this one, I say HTTP has to work only on port 80 and HTTPS has to work on 443.
These are the enforcements. No other port has to work. And also I told them block applications on non-default ports. So I’m using a non-default port. But if I change my outside to the standard one, then it will work. The standard one is port 80 for HTTP. Okay, if I say yes and stop and start again, now it’s the standard one, and if I go to the XP side and try with 88, it will work. Yes, and it will show you the result as well. Here again with Application Control, with the standard port, this one is allowed. The last one before, it will be here somewhere. It’s blocked here. Chrome default. If you see the detail, it will tell you that the issue was with the port. Yeah. Default port is used 80 80, which is not allowed, because the standard port is 80. For HTTP, we say enforce this one. So it means Application Control can do the port enforcement as well for you. So let me go to Application Control. This is the only thing which we can do. This was the application control. Okay. From top to bottom. Anything? No, that’s it. Let me go here, if I missed something. Port enforcement. This one, which I told you in protocol enforcement, you have to type this one and type with 80. So it will not work besides the standard port.
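A simplified model of the two port checks tested in this lecture, added here as an illustration (it is not FortiOS code and not from the lecture). It assumes protocol enforcement only inspects ports that have an entry, which matches the remark above that HTTP still works on other ports until the non-default-port option is enabled; the port table, sessions and names are constructed.

```python
from dataclasses import dataclass, field

# Constructed table of default ports per detected protocol (illustration only).
DEFAULT_PORTS = {"http": {80}, "https": {443}, "ssh": {22}}

@dataclass(frozen=True)
class Session:
    dst_port: int
    detected: str  # protocol identified from the traffic, not from the port

@dataclass
class Profile:
    enforced: dict = field(default_factory=dict)  # port -> allowed services
    violation_action: str = "block"
    block_non_default_port: bool = False

    def verdict(self, s):
        """Return (action, reason) for one session."""
        allowed = self.enforced.get(s.dst_port)
        # Protocol enforcement only looks at ports that have an entry.
        if allowed is not None and s.detected not in allowed:
            return (self.violation_action, "protocol-enforcement")
        # Non-default-port check compares the detected protocol to its usual ports.
        defaults = DEFAULT_PORTS.get(s.detected)
        if self.block_non_default_port and defaults and s.dst_port not in defaults:
            return ("block", "non-default-port")
        return ("pass", "ok")

# Constructed sessions: web server on the standard port, the same server
# moved to 8080, and a non-HTTP protocol carried over port 80.
SESSIONS = [Session(80, "http"), Session(8080, "http"), Session(80, "ssh")]
ENFORCE = {80: {"http"}, 443: {"https"}}

def run(profile):
    """Evaluate every constructed session against one profile."""
    return [profile.verdict(s) for s in SESSIONS]

if __name__ == "__main__":
    cases = [("enforcement only", Profile(ENFORCE)),
             ("non-default-port only", Profile(block_non_default_port=True)),
             ("both", Profile(ENFORCE, block_non_default_port=True))]
    for name, profile in cases:
        print(name, run(profile))
```

With enforcement alone, HTTP on 8080 passes because port 8080 has no enforcement entry; only the non-default-port option blocks it, while a non-HTTP protocol on port 80 is caught by enforcement.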