Applications

On the Application stage page, you define application rules that apply block, allow, or continue actions for requests to applications. Also, TLS-encrypted traffic can be decrypted for inspection.

Application rules allow you to create policies that control which applications are allowed for use in your organization, and control access to those that are not.
Note:
  • The non-web applications are only supported by Forcepoint ONE Firewall.
  • For web applications, you must configure a SWG policy by using the Forcepoint ONE admin portal.
An application rule consists of the following elements:
  • Rule: Defines rule name and description.
  • Application: The application or application category to which the rule will apply. Applications are system-defined resources.
  • Applies to: Defines where traffic must originate from for the rule to apply. Source can include one or more sites, or source IP address lists. By default, the rule applies to traffic from any source to which the policy applies.
  • Users: Defines the users (or user groups) from which the request must originate to match this rule. Rules can be applied to All Users in order to match any user whose identity is known. Users can be identified by the Web Security Endpoint or via SAML-based authentication.
  • Action: The action applied to matching traffic. The actions are:
    • Allow and Bypass: Allows traffic and bypasses further inspection. Traffic is not decrypted, and no further policy processing stages are applied.
    • Block: Blocks matching traffic by terminating the session. No further policy processing is performed.
    • Continue inspection: This action allows matching traffic and applies all further policy processing stages.
    • TLS inspection: Defines whether secure traffic that matches this rule is decrypted for inspection:
      • Do not decrypt: Secure traffic will not be decrypted. This traffic cannot be inspected.
      • Decrypt: Secure traffic will be decrypted for inspection. Decrypted traffic is re-encrypted before being routed to the Internet.
      • Default: The TLS inspection setting is inherited from the Default TLS inspection setting of the policy.