Chapter 2 – Policy
2-2 Application Profile
Learning Objectives
- Working with application profile in FortiGate
- Create a Traffic Shaper
- Apply Traffic Shaping to the traffic
Application Profile
Working with Application Profile
1- Go to Policy & Objects > Firewall Policy section, select LocalToInternet policy you have created in the previous section. Click on Edit
2- Go to Security Profile section> Application Control
-
- Create a new Application Control
- Name: Ban-SocialNetwork
- In Categories Block Social Media, Video/Audio
For Application and Filter Overrides. Because a filter override is configured to block applications that use excessive bandwidth, it will block all applications using excessive bandwidth, regardless of categories that allow these applications.
3- In Application and Filter overrides> Create a new
-
- Select Application
- Action: Block
- Application: Youtube
4- In Application and Filter overrides> Create a new
-
- Select Application
- Action: Block
- Application: Facebook_Chat
5- Ok all and now open the browser and go to Twitter.com or YouTube.com and try to search for a video and you should receive an application block page.
6- Go to Log & Report> Application Control and try to find the logs related to the previous step.
Working with Application Profile – Part 2
| Device | Configuration |
| FortiGate | Port 2: DHCP Server (192.168.1.20 – 192.168.1.30)
Port 3: DHCP Client |
| WebTerm1 | DHCP Client |
| WebTerm3 | DHCP Client |
1- Remove the application control you have set for policies in the previous step.
2- Add Ethernet Switch and WebTerm3 to your GNS3. WebTerm3 should receive an IP address from DHCP.
3- Set traffic shaping for WebTerm3 to save the bandwidth.
-
- Create an Address object for WebTerm3. Go to Addresses> Create a new Address with the following information
| Name | WebTerm3 |
| Type | Subnet |
| Subnet/IP Range | 192.168.1.21/32 (Check your IP in WebTerm3) |
| Interface | any |
4- Go to Policy & Objects > Traffic Shapers and create a new Per-IP traffic shaper. Shared affects upload speed while Per-IP affects download and upload speed.
| Type | Per-IP |
| Name | WebTerm3 |
| Max Bandwidth | 10000 |
| Max Concurrent Connections | 5000 |
5- Go to Policy & Objects > Traffic Shaping Policy and create a new Policy.
| Source | WebTerm3 |
| Destination | ALL |
| Service | ALL |
| Outgoing interface | Port3 |
| Per-IP Shaper | WebTerm3 |
6- To verify open the browser in the WebTerm3 and go to Fast.com.
7- Now, open the browser in WebTerm1 and go to Fast.com.
8- We are going to allow only twitter Applications in WebTerm3. Other applications should be blocked. To do:
- Add a new Policy from port2 to port3
2. Add and Application Control and Block all applications except Twitter. Then, assign the WebTerm3 profile to Application Control.
3. Then, put the policy you have created above LocalToInternet Policy.
- Verify-in WebTerm1, you should be able to reach any websites.
