How to use APP Enforcement?

APP Enforcement (APPE) helps Network Administrator to block applications (IM/P2P/Protocol/Others) on LAN network. The following example shows how to prevent LAN clients from using PPTV service by APPE.

1. Create an APP Enforcement Profile: Click on an Index number to create a new profile at CSM >> APP Enforcement Profile

a screenshot of APPE profile list

2. Set up the details in the profile.

  1. Enter Profile Name
  2. Choose the category/APP which you want to block.
  3. Click OK to save
a screenshot of a APPE profile which has PPTV enabled

3. Use the APP Enforcement Profile in a Firewall Filter Rule: Go to Firewall >> Filter Setup >> Filter Set 2

a screenshot of firewall rule sets

4. Click on a Filter Rule number to set up a filter.

a screenshot of firewall rules in Rule set 2

5. Set up the details in the profile.

  1. Enable the Filter Rule.
  2. Select the Direction to LAN/DMZ/RT/VPN -> WAN
  3. (optional) Edit the Source IP if you want to apply this firewall rule to certain IP only.
  4. Select Filter as 'Pass Immediately'.
  5. Select APP Enforcement profile we created in Step 2.
  6. (optional) You may also enable Syslog if needed.
  7. Click OK to save.
a screenshot of Firewall Rule configuration

6. With the above configuration, LAN clients with IP address 192.168.1.10 will not be able to use PPTV.

a screenshot of PPTV not working

7. If "Syslog" is enabled the firewall rule, we will see the following message in Syslog when APP Enforcement is working.

a screenshot of syslog showing message about APP filtering

1. Go to System Maintenance >> APP Signature Upgrade >> Auto APP Signature Upgrade to make sure the router has the latest version of APP Signature.

a screenshot of Vigor3900 Auto APP Signature Upgrade

2. Go to Firewall >> Filter Setup, and click Add in the Application Filter tab

  1. Give a Profile Name
  2. Enable the profile
  3. (optional) Set up Time Object for office hour and Source IP of specific LAN clients
a screenshot of Vigor3900 Firewall Application Filter profile

3. Click Add in APP Block

  1. Select the forbidden application(s).
  2. Click Apply
a screenshot of Vigor3900 Application filter profile

Now we can try to open TOR browser to see if it's blocked.

a screenshot of TOR Browser

Enable Syslog to print the Firewall Log. We will see the following message on the Syslog File tab when the APP filter is triggered.

a screenshot of Vigor3900 syslog

Published On: Mar 20, 2020 

Was this helpful?     


Related Articles