
How to Create an Application Control Rule to Block VPN (Policy Evasion)

  Version 6.0

Applies to Platform: UTM 6.8.x, 4i Edge 6.8.x, Switchboard 6.8.x
Last update: 24 Apr 2025


The application control feature uses deep-packet inspection to identify application traffic by its payload rather than by port or protocol, and lets you create rules that manage that traffic accordingly. This means an application is detected and controlled even where other components cannot see it (e.g. Web or DNS filtering, which only act on HTTP requests and DNS queries). Application control rules can only be created in the Outgoing Firewall.

VPN clients are a common policy-evasion tool: once a tunnel is established, all of the user's traffic is encrypted inside it, so Web and DNS filtering no longer see the real destinations and cannot enforce network policy. A VPN client can also be configured to run on a port that is normally allowed (e.g. TCP 443), so a port-based rule alone is not enough. Uncontrolled tunnels can therefore introduce new security risks and consume bandwidth in ways that are hard to attribute. Blocking VPN applications with an application control rule closes this gap.

Create a New Application Control Rule

Go to Firewall > Outgoing Firewall and select Add new rule.

  1. Source Type: select Zone/Interface so that the rule applies to the internal zones you choose.
  2. Select interfaces: select the source zones (e.g. GREEN, BLUE) the rule should apply to.
  3. Applications: type VPN in the textbox and select the VPN applications to block (e.g. NordVPN, OpenVPN, WireGuard). Select every VPN application you want covered; an application that is not selected is not matched by this rule.
  4. Policy: select a blocking action, DROP (silently discard) or REJECT (discard and notify the client).
  5. Position: place this rule above any rule that could match the same traffic first (e.g. rules allowing HTTP/S or DNS). Rules are evaluated in order and the first match wins, so a VPN tunnel running on port 443 would otherwise be allowed by an earlier HTTPS rule.

Once done, select Add Rule to create the rule, then Apply to activate the new configuration. Until you select Apply, the rule is saved but not enforced.
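The following Python script is an added illustration of the two points behind this procedure: why an application control rule matches traffic "regardless of the port" and why the rule's position matters. It is not the product's own code or DPI engine. It uses simplified, first-packet signatures taken from the public OpenVPN and WireGuard protocol descriptions (an OpenVPN session opens with a P_CONTROL_HARD_RESET_CLIENT_V2 opcode byte of 0x38; a WireGuard handshake initiation is a 148-byte UDP message beginning 01 00 00 00) and a first-match rule list. The packets and rule names are constructed for the example.

```python
"""Toy model of port-agnostic application identification plus first-match rule
ordering. Added illustration only: not the product's DPI engine, and the
signatures are simplified first-packet checks, not complete protocol parsers."""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    dst_port: int
    payload: bytes  # first bytes sent by the client in this flow


@dataclass(frozen=True)
class Rule:
    name: str
    apps: FrozenSet[str]    # applications matched; empty set means any
    ports: FrozenSet[int]   # destination ports matched; empty set means any
    action: str             # "ALLOW", "DROP" or "REJECT"


def identify_app(pkt: Packet) -> str:
    """Classify a flow by its payload only; dst_port is deliberately ignored,
    which is what lets a VPN on TCP 443 be told apart from real HTTPS."""
    p = pkt.payload
    # WireGuard handshake initiation: type 1, three reserved zero bytes,
    # fixed length of 148 bytes.
    if pkt.proto == "udp" and len(p) == 148 and p[:4] == b"\x01\x00\x00\x00":
        return "wireguard"
    # OpenVPN over UDP: first byte is opcode 7 (HARD_RESET_CLIENT_V2) << 3
    # with key_id 0, i.e. 0x38, followed by an 8-byte session id.
    if pkt.proto == "udp" and len(p) >= 14 and p[0] == 0x38:
        return "openvpn"
    # OpenVPN over TCP: same packet behind a 2-byte length prefix.
    if pkt.proto == "tcp" and len(p) >= 16 and p[2] == 0x38:
        return "openvpn"
    # TLS ClientHello: handshake record (0x16), version 0x03xx, msg type 0x01.
    if pkt.proto == "tcp" and len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        return "tls"
    return "unknown"


def evaluate(rules: List[Rule], pkt: Packet, default: str = "ALLOW") -> Tuple[str, str]:
    """First matching rule wins, as in an ordered firewall rule list."""
    app = identify_app(pkt)
    for r in rules:
        if (not r.apps or app in r.apps) and (not r.ports or pkt.dst_port in r.ports):
            return r.action, r.name
    return default, "default"


# Constructed sample flows (not real captures).
OPENVPN_UDP_1194 = Packet("udp", 1194, b"\x38" + b"\x11" * 8 + b"\x00" + b"\x00" * 4)
OPENVPN_TCP_443 = Packet("tcp", 443, b"\x00\x0e\x38" + b"\x22" * 8 + b"\x00" + b"\x00" * 4)
WIREGUARD_UDP_53 = Packet("udp", 53, b"\x01\x00\x00\x00" + b"\xaa" * 144)
HTTPS_443 = Packet("tcp", 443, b"\x16\x03\x01\x00\xc4\x01" + b"\x00" * 10)

# Constructed rules mirroring the article: a VPN block plus typical web/DNS allows.
BLOCK_VPN = Rule("block-vpn", frozenset({"openvpn", "wireguard"}), frozenset(), "DROP")
ALLOW_WEB = Rule("allow-web", frozenset(), frozenset({80, 443}), "ALLOW")
ALLOW_DNS = Rule("allow-dns", frozenset(), frozenset({53}), "ALLOW")


def correct_order() -> List[Rule]:
    """VPN block positioned above the web/DNS allows, as step 5 requires."""
    return [BLOCK_VPN, ALLOW_WEB, ALLOW_DNS]


def wrong_order() -> List[Rule]:
    """VPN block placed last: port-based allows match the tunnels first."""
    return [ALLOW_WEB, ALLOW_DNS, BLOCK_VPN]


if __name__ == "__main__":
    for label, rules in (("correct order", correct_order()), ("wrong order", wrong_order())):
        print(label)
        for pkt in (OPENVPN_UDP_1194, OPENVPN_TCP_443, WIREGUARD_UDP_53, HTTPS_443):
            action, rule = evaluate(rules, pkt)
            print(f"  {pkt.proto}/{pkt.dst_port:<5} {identify_app(pkt):<10} -> {action} ({rule})")
```

With the VPN block first, all three tunnels are dropped and real HTTPS still passes; with it placed last, only the OpenVPN flow on its default port 1194 is caught, while the tunnels riding on 443 and 53 are allowed by the earlier port-based rules. That is exactly the failure the Position step guards against.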

Confirm the Rule Creation

Once applied, the new rule appears in the Outgoing Firewall rule list (as shown below). Check that it sits above the HTTP/S and DNS allow rules and that its policy shows DROP or REJECT; then confirm from a client in the selected zone that the VPN application can no longer connect.
