Create Access rules for network application detection

To detect network application use, create Access rules that define the matching criteria.

Note: If a TLS Credentials or Client Protection Certificate Authority element has been uploaded to the engine, adding a Network Application element that allows or requires the use of TLS to an Access rule might enable the decryption of the following TLS traffic:

  • TLS traffic from network applications that cannot be identified based on cached network application information.
  • TLS traffic that matches an Access rule that enables deep inspection if the Service cell contains a Network Application or Service element that does not include a Protocol Agent.
  • TLS traffic for which there is no TLS Match with the Deny Decrypting option that excludes the traffic from TLS Inspection.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Browse to Policies, then browse to the policies of the type that you want to edit.
  3. Right-click a policy, then select Edit <policy type>.
  4. On the IPv4 Access or IPv6 Access tab, add a rule in one of the following ways:
    • Right-click the last row in an empty rules table, then select Add Rule.
    • Right-click the ID cell of an existing rule, then select Add Rule Before or Add Rule After.
  5. Drag and drop elements from the Resources pane to the Source and Destination cells, or define source and destination criteria.
  6. In the Action cell, select the action according to your needs.
  7. Define the value of the Service cell in one of the following ways:
    • Drag and drop a Network Application, Application Type, or Tag element to the Service cell.
    • Right-click the Service cell, select Edit Service, then add a Network Application, Application Type, or Tag element to the Network Application cell.
      Note: If you add a Service element to the same row, the ports specified in the Service elements override the ports specified in the Network Application elements. You cannot use Network Application elements and Service elements on different rows of the same Service Definition.
  8. (Optional) If you created a service definition, right-click the Service (Port) cell, then specify which ports traffic matches.
    By default, the ports that traffic matches are selected automatically depending on the action specified in the rule.
  9. In the Logging cell, select options according to your needs.
    If you want to include information about network application use in the logs, select Default or Enforced for Log Application Information.
  10. Click Save and Install.