[NEBULA] Mobile APP management

I evaluated the NSG50 had the function of mobile APP traffic management, so I made decision and bought it.
When I installed it, it was completed different with my firewall installation experience. The system was moved to NCC platform.
I have been studying this for days, but couldn't get it, so confusing!
The firewall gateway was not flexible compared to normal firewall USG20-VPN, and the most important thing is I couldn't find where I can manage the mobile APP traffic.
I hoped I didn't get how to set this. Is there any experts telling me how to do it or where I can have docs telling me how?
When I installed it, it was completed different with my firewall installation experience. The system was moved to NCC platform.
I have been studying this for days, but couldn't get it, so confusing!
The firewall gateway was not flexible compared to normal firewall USG20-VPN, and the most important thing is I couldn't find where I can manage the mobile APP traffic.
I hoped I didn't get how to set this. Is there any experts telling me how to do it or where I can have docs telling me how?
Sign In to comment.
Comments
If so, I feel the application traffic is easier to configure compared to the USG series. For some things I could agree there's not much flexibility but it's the price for an easier interface.
The options for application patrol are in the Firewall settings.
There are several controls in NSG, firewall rules, application patrol and content filtering, what is the flow of priorities?
I set an application patrol for instant messengers in "add application window and action "drop" for such as yahoo message or something else, does it mean it works dropping desired instant messengers traffic already or I still have to enable it in the firewall rules?
Let me know how it goes
Could you advise the security flows priority? If I wanted to disable everything but only allowed some specific web sites, then I set deny everything from every source computer at all time and set white list in content filter, is it the right way for my purpose?
As long as I know, if you set a deny "any" in the outbound rules it will also block your L3 local traffic. If you want to disable the access to websites only, I suggest you can use tick all the categories in content filtering and use the whitelist for those specific websites you want to allow.
I'm not sure if all the websites are included within that categories tho....But you could try it.
I tried allow all in the firewall rule and made one web address: *.facebook.com as black list, but I am still able to access the facebook page.
Did I need to tick all the categories before making the black list effective?
Looks like your content filtering is not working. Make sure the device is running the latest firmware and the configuration is up to date.
I set application patrol to drop some application like facebook etc, and made source/destination port/address, schedule as any.
Following an application patrol in firewall, I set deny some ip address from accessing internet in certain period of time.
Then the test started and result was:
The ip couldn't access the application, the application patrol worked. But the ip address still able to access the internet though it was blocked in the period of time. I tried to set deny all the time, but ip was still able to access anything except the applications.
The first application patrol in firewall judged the access was not those I dropped the apps, shouldn't it pass to next rule that I deny in the period of time?
Could you advise if this is correct?
I want to block some applications at all time and would like to open access in certain period of time. How should I do to implement the firewall rues and application patrol?
something like
rule1 , app_deny; protocol:any ; src:any , dst:any ;
rule2, deny ; protocol:any ; src:someIP , dst:any ;
If thats the case, every traffic will hit rule1 first since you have it as any to any, rule 2 will never hit.
I suggest you give higher priority for rules that apply to specific IPs or ones have more detailed rules.
rule1 , app_deny; protocol:any ; src:any , dst:any ; ALWAYS
rule2, deny ; protocol:any ; src:someIP , dst:any ; SPECIFIC_PERIOD
The rule1 worked and blocked some apps traffics as I wanted, but passed all the traffics though I denied them in specific period of time in next rule.
Does the application patrol only have judgments, which did the wanting behaviors: forward, drop reject, but not pass to next rules if the applications traffics were not matched?
Thank you for all the efforts you are helping out!