Default elements for network applications

There are several predefined elements for working with network applications.

Application Type elements define general categories of network applications. One Application Type element can be associated with each Network Application element. Application Type elements are predefined, and you cannot create Application Type elements.

Tag elements help you to create simpler policies with less effort. Tag elements represent all Network Application elements that are associated with that Tag. For example, the Media Tag includes several web-based image, music, and video applications. Several Tags can be associated with each Network Application element.

Dependencies for network applications define other network applications that must also be allowed when the network application is allowed. When you use a network application that has dependencies in a rule with the Allow or Jump action, or in a NAT rule, the rule also applies to the related network applications. When you use a network application that has dependencies in a rule with the Continue, Discard, or Refuse action, the rule does not apply to the related network applications; a Discard or Refuse rule for the application therefore does not block its dependencies on its own.

TLS Match elements define matching criteria for the use of the TLS protocol in traffic. When a connection that uses the TLS protocol is detected, the server certificate for the connection is compared to the TLS Match in the Network Application definition. TLS connections are allowed only to sites that have trusted certificates that meet the following criteria:

  • The certificate domain name must match the domain name in the TLS Match element.
  • The certificate must be signed by a valid certificate authority.
  • The certificate must be valid (not expired or revoked).

TLS Match elements can also specify whether to decrypt TLS traffic to particular Internet domains for inspection. The default TLS Match elements deny decryption of only the following types of traffic:

  • Traffic for Network Applications that do not work correctly if the traffic is decrypted.
  • Traffic that is functionally critical, such as connections to the Forcepoint Advanced Malware Detection service, or to services for automatic dynamic updates and engine upgrades.
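The following is an added example, not Forcepoint code, that walks through the three TLS Match criteria above (domain match, trusted issuer, validity) and then the decrypt setting described in the preceding paragraph. The certificate is an already-parsed dictionary, the CA store and revocation set are constructed, and the TLSMatch dataclass, its decrypt field, RFC 6125-style wildcard matching and the use of SAN dNSNames are assumptions; the page does not specify how its matching works.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class TLSMatch:
    """Illustrative stand-in for a TLS Match element (hypothetical fields)."""
    domain: str           # domain name the server certificate must match
    decrypt: bool = True  # False = decryption denied, traffic is not inspected


def hostname_matches(pattern: str, name: str) -> bool:
    """Assumed RFC 6125-style matching: case-insensitive; '*' is allowed only as
    the whole leftmost label and covers exactly one label, so '*.example.com'
    matches 'www.example.com' but not 'example.com' or 'a.b.example.com'."""
    pattern = pattern.lower().rstrip(".")
    name = name.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == name
    p_labels, n_labels = pattern.split("."), name.split(".")
    if p_labels[0] != "*" or "*" in pattern[1:] or len(p_labels) < 3:
        return False
    return len(p_labels) == len(n_labels) and p_labels[1:] == n_labels[1:]


def certificate_names(cert: dict) -> list:
    """Names the certificate is valid for: SAN dNSNames, else the subject CN."""
    return cert.get("san_dns") or [cert["subject_cn"]]


def evaluate(cert: dict, match: TLSMatch, trusted_cas: set, revoked: set,
             now: datetime):
    """Apply the three criteria (domain, trusted CA, validity), then the decrypt
    setting. Returns (verdict, reasons); verdict is 'decrypt', 'bypass'
    (allowed but not decrypted) or 'deny'."""
    reasons = []
    if not any(hostname_matches(match.domain, n) for n in certificate_names(cert)):
        reasons.append("domain mismatch")
    if cert["issuer"] not in trusted_cas:
        reasons.append("untrusted issuer")
    if not cert["not_before"] <= now <= cert["not_after"]:
        reasons.append("expired or not yet valid")
    if cert["serial"] in revoked:
        reasons.append("revoked")
    if reasons:
        return "deny", reasons
    return ("decrypt" if match.decrypt else "bypass"), reasons


# Constructed sample data: not real certificates, CAs or serial numbers.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
TRUSTED_CAS = {"Example Root CA"}
REVOKED_SERIALS = {"0x1f"}


def _cert(cn, sans, issuer="Example Root CA", serial="0x10", expired=False):
    return {
        "subject_cn": cn, "san_dns": sans, "issuer": issuer, "serial": serial,
        "not_before": datetime(2024, 1, 1, tzinfo=timezone.utc),
        "not_after": datetime(2025, 1 if expired else 12, 31, tzinfo=timezone.utc),
    }


WEB = TLSMatch("*.example.com")                            # inspected
CRITICAL = TLSMatch("updates.example.net", decrypt=False)  # decryption denied

SAMPLE_CASES = {
    "good":        (_cert("www.example.com", ["www.example.com"]), WEB),
    "critical":    (_cert("updates.example.net", ["updates.example.net"]), CRITICAL),
    "wrong-host":  (_cert("login.example.org", ["login.example.org"]), WEB),
    "too-deep":    (_cert("a.b.example.com", ["a.b.example.com"]), WEB),
    "self-signed": (_cert("www.example.com", ["www.example.com"], issuer="Self Signed"), WEB),
    "expired":     (_cert("www.example.com", ["www.example.com"], expired=True), WEB),
    "revoked":     (_cert("www.example.com", ["www.example.com"], serial="0x1f"), WEB),
}


def demo() -> dict:
    """Evaluate every constructed case; returns {case: verdict}."""
    verdicts = {}
    for case, (cert, match) in SAMPLE_CASES.items():
        verdict, reasons = evaluate(cert, match, TRUSTED_CAS, REVOKED_SERIALS, NOW)
        verdicts[case] = verdict
        print(f"{case:12} {verdict:8} {'; '.join(reasons)}")
    return verdicts


if __name__ == "__main__":
    demo()
```

The "too-deep" case is the one practitioners most often get wrong: a single wildcard label does not cover a name two labels below the pattern, so such a connection fails the domain criterion even though its certificate is otherwise trusted. The "critical" case shows an allowed connection that is deliberately not decrypted, which is the behaviour the default TLS Match elements apply to functionally critical traffic.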

For more information, see Knowledge Base article 18074.

The predefined elements are imported and updated from dynamic update packages. The set of elements available changes whenever you update your system with new definitions. The Release Notes of each dynamic update package list the new elements that the update introduces.

Network Application Properties dialog box

Use this dialog box to view the properties of Network Application elements.

CAUTION:
Do not create Network Application elements. Use the predefined Network Application elements instead.
Option Definition
General tab
Name Specifies a unique name for the Network Application element.
Comment Adds a comment to the Network Application element.
Application Type Shows the selected network application type.
Select This option is disabled.
Parent Application Shows the selected parent network application.
Select This option is disabled.
Description Shows a more detailed description of the network application.
Supported Engine Versions Specifies the supported engine versions for the Network Application element.
Standard ports, unless otherwise specified in 'Service (Port)' field
Protocol Shows the protocol for the default port.
From Shows the start of the port range.
To Shows the end of the port range.
TLS Shows whether TLS is required, allowed, or forbidden.
Add Port Adds a port associated with a specific protocol.
Remove Port Removes a port associated with a specific protocol.
Protocol Shows the Protocol Agent element associated with the Network Application element.
Select Selects a protocol agent from TCP and UDP Service elements.
TLS Match Shows the TLS Match element associated with the Network Application element.
Select Selects the TLS Match element associated with a Network Application element.
Application Identifiable by TLS Match Alone Shows whether the network application can be identified based on the TLS Match alone.
Option Definition
Protocol Parameters tab This tab is disabled.
Option Definition
Link Selection tab

Shows the quality metrics that determine which Multi-Link VPN link the traffic associated with the Network Application uses.

The options on this tab are not editable. You can use QoS Class elements to override the default settings shown on this tab.

Bandwidth Specifies how important the bandwidth of the connection is for determining which link traffic uses.
Jitter Specifies how important variations in the delay of received packets are for determining which link traffic uses.
Latency Specifies how important delays in packet transmission are for determining which link traffic uses.
Packet Loss Specifies how important the number of packets that fail to reach their destination is for determining which link traffic uses.
Stability Specifies how important variations in the availability and quality of the connection are for determining which link traffic uses.
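As an added example (not the engine's link selection algorithm, which this page does not describe), the following shows how per-metric importance values for an application, and a QoS Class overriding some of them, can turn measured link quality into a link choice. The 0 to 3 importance scale, the min-max scoring rule, the per-metric override semantics and all link measurements are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class LinkMetrics:
    """Constructed measurements for one Multi-Link VPN link (hypothetical)."""
    name: str
    bandwidth_mbps: float   # higher is better
    jitter_ms: float        # lower is better
    latency_ms: float       # lower is better
    packet_loss_pct: float  # lower is better
    stability: float        # 0..1 availability, higher is better


HIGHER_IS_BETTER = {"bandwidth": True, "jitter": False, "latency": False,
                    "packet_loss": False, "stability": True}


def metric_value(link: LinkMetrics, metric: str) -> float:
    return {"bandwidth": link.bandwidth_mbps, "jitter": link.jitter_ms,
            "latency": link.latency_ms, "packet_loss": link.packet_loss_pct,
            "stability": link.stability}[metric]


def score_links(links: List[LinkMetrics], importance: Dict[str, int]) -> Dict[str, float]:
    """Assumed scoring: min-max normalise each metric across the candidate links
    so 1.0 is the best link on that metric, multiply by its importance
    (0 = ignore the metric), and sum. Returns {link name: score}."""
    scores = {link.name: 0.0 for link in links}
    for metric, weight in importance.items():
        if weight == 0:
            continue
        values = [metric_value(link, metric) for link in links]
        lo, hi = min(values), max(values)
        for link, value in zip(links, values):
            normalised = 0.5 if hi == lo else (value - lo) / (hi - lo)
            if not HIGHER_IS_BETTER[metric]:
                normalised = 1.0 - normalised
            scores[link.name] += weight * normalised
    return scores


def select_link(links: List[LinkMetrics], importance: Dict[str, int]) -> str:
    """Name of the highest-scoring link (ties resolved by list order)."""
    scores = score_links(links, importance)
    return max(links, key=lambda link: scores[link.name]).name


def with_qos_override(app_defaults: Dict[str, int], qos_class: Dict[str, int]) -> Dict[str, int]:
    """A QoS Class overriding the application's defaults, modelled as a
    per-metric override (an assumption about how the override is applied)."""
    return {**app_defaults, **qos_class}


# Constructed data: importance 0 (ignore) .. 3 (critical), and three candidate links.
VOIP_IMPORTANCE = {"bandwidth": 0, "jitter": 3, "latency": 3, "packet_loss": 2, "stability": 2}
BULK_IMPORTANCE = {"bandwidth": 3, "jitter": 0, "latency": 0, "packet_loss": 1, "stability": 1}
LINKS = [
    LinkMetrics("sat",   500.0, 40.0, 600.0, 0.5, 0.90),
    LinkMetrics("fiber", 100.0,  2.0,   8.0, 0.0, 0.99),
    LinkMetrics("lte",    60.0, 25.0,  50.0, 1.0, 0.70),
]

if __name__ == "__main__":
    print("voip     ->", select_link(LINKS, VOIP_IMPORTANCE))
    print("bulk     ->", select_link(LINKS, BULK_IMPORTANCE))
    # A QoS Class that makes latency critical for the bulk application as well
    print("bulk+qos ->", select_link(LINKS, with_qos_override(BULK_IMPORTANCE, {"latency": 3})))
```

With these inputs the latency-sensitive profile picks the fiber link, the bandwidth-weighted profile picks the high-capacity but slow satellite link, and a QoS Class that raises the latency importance to 3 moves the bulk traffic back to fiber, which is the kind of effect to check for when overriding the defaults shown on the Link Selection tab.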
Option Definition
Tags and Dependencies tab
Dependencies

Shows related network applications that must also be allowed when this network application is allowed.

When you use a network application that has dependencies in a rule with the Allow or Jump action, or in a NAT rule, the rule also applies to the related network applications.

When you use a network application that has dependencies in a rule with the Continue, Discard, or Refuse action, the rule does not apply to the related network applications; a Discard or Refuse rule for the application therefore does not block its dependencies on its own.

Tags table
Name Shows the name of the tag.
Comment Shows the comment associated with the selected tag.
Type Shows the tag type.
Add Tags This option is disabled.
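The rule-expansion behaviour described for dependencies, both in the introduction and on this tab, as an added example that is not Forcepoint SMC code. The application names, the dependency graph and the rule table are constructed; following chained dependencies transitively is an assumption, and what happens when no rule matches is left out because the page does not describe it.

```python
from typing import Dict, List, Optional, Set, Tuple

# Constructed dependency graph: application -> applications it depends on.
# Names are hypothetical; real Network Application elements come from
# dynamic update packages.
DEPENDENCIES: Dict[str, Set[str]] = {
    "Video-Conf": {"TURN"},
    "TURN": {"STUN"},
    "STUN": set(),
    "Web-Mail": {"HTTPS"},
    "HTTPS": set(),
}

# Per the page: these actions extend to dependencies, the others do not.
EXPANDING_ACTIONS = {"Allow", "Jump", "NAT"}
NON_EXPANDING_ACTIONS = {"Continue", "Discard", "Refuse"}


def dependency_closure(app: str, deps: Dict[str, Set[str]] = DEPENDENCIES) -> Set[str]:
    """All applications reachable through dependency links. Following chained
    dependencies (Video-Conf -> TURN -> STUN) is an assumption."""
    seen: Set[str] = set()
    stack = list(deps.get(app, ()))
    while stack:
        dep = stack.pop()
        if dep not in seen:
            seen.add(dep)
            stack.extend(deps.get(dep, ()))
    return seen


def rule_applies_to(rule_app: str, action: str, traffic_app: str,
                    deps: Dict[str, Set[str]] = DEPENDENCIES) -> bool:
    """Does a rule written for rule_app match traffic identified as traffic_app?"""
    if traffic_app == rule_app:
        return True
    if action in EXPANDING_ACTIONS:
        return traffic_app in dependency_closure(rule_app, deps)
    if action in NON_EXPANDING_ACTIONS:
        return False
    raise ValueError(f"unknown action {action!r}")


def first_match(rules: List[Tuple[str, str]], traffic_app: str) -> Optional[Tuple[int, str]]:
    """First-match evaluation of (application, action) rules; None when no
    rule matches."""
    for index, (rule_app, action) in enumerate(rules):
        if rule_applies_to(rule_app, action, traffic_app):
            return index, action
    return None


# Constructed policy: the intent is to block conferencing and allow webmail.
RULES = [("Video-Conf", "Discard"), ("Web-Mail", "Allow")]

if __name__ == "__main__":
    for app in ("Video-Conf", "TURN", "STUN", "HTTPS"):
        print(f"{app:10} -> {first_match(RULES, app)}")
```

Two things worth noticing when you run it: the Discard rule for Video-Conf leaves TURN and STUN traffic unmatched, so blocking the application does not block what it depends on, and the Allow rule for Web-Mail also matches HTTPS, so allowing an application whose dependency is a generic protocol widens the rule beyond what its name suggests.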

Application Type Properties dialog box

Use this dialog box to view the properties of an Application Type element. You cannot edit Application Type elements.

Option Definition
Name Shows the name of the element.
Comment Shows a description of the element.
Save Not available in this dialog box.

Application Usage Tag Properties dialog box

Use this dialog box to view the properties of an Application Usage Tag element. You cannot edit Application Usage Tag elements.

Option Definition
Name Shows the name of the element.
Comment Shows a description of the element.
Save Not available in this dialog box.