[NEBULA] Mobile APP management

roy
roy Posts: 19  Freshman Member
edited April 2021 in Nebula
I evaluated that the NSG50 had the mobile APP traffic management function, so I made the decision and bought it.

When I installed it, it was completely different from my firewall installation experience. The system has moved to the NCC platform.

I have been studying this for days but couldn't get it; it's so confusing!

The firewall gateway is not flexible compared to a normal firewall like the USG20-VPN, and the most important thing is that I couldn't find where I can manage the mobile APP traffic.

I hope I just haven't figured out how to set this up. Are there any experts who can tell me how to do it, or where I can find docs that explain it?

Comments

  • Iwannaquitthegym
    Iwannaquitthegym Posts: 23  Freshman Member
    I'm not sure if by mobile app traffic you meant application traffic like YouTube, Facebook, etc.
    If so, I feel the application traffic is easier to configure compared to the USG series. For some things I could agree there's not much flexibility, but it's the price for an easier interface.

    The options for application patrol are in the Firewall settings.
  • roy
    roy Posts: 19  Freshman Member
    Thank you very much!

    There are several controls in the NSG: firewall rules, application patrol and content filtering. What is the order of priority between them?

    I set an application patrol for instant messengers in the "add application" window with action "drop" for things such as Yahoo Messenger. Does that mean it is already dropping the desired instant messenger traffic, or do I still have to enable it in the firewall rules?


  • Iwannaquitthegym
    Iwannaquitthegym Posts: 23  Freshman Member
    Once you have created and saved the application patrol profile with the desired action, you need to apply it in the outbound rules. The profile name should appear in the Policy list, and then you only need to select the source IP and network to which you want to apply that profile.

    Let me know how it goes :) 
  • roy
    roy Posts: 19  Freshman Member
    Should I fill in source and destination port, or just leave them "any"? 

    Could you advise on the priority of the security flows? If I wanted to block everything and only allow some specific websites, I would set deny everything from every source computer at all times and set a whitelist in the content filter. Is that the right way for my purpose?


  • Iwannaquitthegym
    Iwannaquitthegym Posts: 23  Freshman Member
    You can leave them as any.

    As far as I know, if you set a deny "any" in the outbound rules, it will also block your L3 local traffic. If you want to disable access to websites only, I suggest you tick all the categories in content filtering and use the whitelist for those specific websites you want to allow.
    I'm not sure if all the websites are included within those categories though... But you could try it.
  • roy
    roy Posts: 19  Freshman Member
    Thank you very much!

    I tried allow all in the firewall rule and put one web address, *.facebook.com, on the blacklist, but I am still able to access the Facebook page.

    Do I need to tick all the categories before the blacklist becomes effective?


  • Iwannaquitthegym
    Iwannaquitthegym Posts: 23  Freshman Member
    I don't think so. I just tried it myself and it worked without any category.
    Looks like your content filtering is not working. Make sure the device is running the latest firmware and the configuration is up to date.

  • roy
    roy Posts: 19  Freshman Member
    Hello~
    I set application patrol to drop some applications like Facebook etc., and set source/destination port/address and schedule as any.

    Following the application patrol rule in the firewall, I set a rule to deny some IP addresses from accessing the internet during a certain period of time.

    Then the test started and the result was:
    The IP couldn't access the application, so the application patrol worked. But the IP address was still able to access the internet even though it was blocked for that period of time. I tried setting deny all the time, but the IP was still able to access everything except the applications.

    The first application patrol rule in the firewall judged that the access was not one of the apps I dropped; shouldn't it then pass to the next rule, where I deny access in the period of time?

    Could you advise if this is correct?

    I want to block some applications at all times and would like to open access only in a certain period of time. How should I implement the firewall rules and application patrol to do this?


  • WebberIT
    WebberIT Posts: 53  Ally Member
    Did you put the 2 rules as any to any on top of each other?
    Something like:
    rule1 , app_deny; protocol:any ; src:any , dst:any ; 
    rule2,        deny ;  protocol:any ; src:someIP , dst:any ;

    If that's the case, all traffic will hit rule1 first since you have it as any to any; rule2 will never be hit.
    I suggest you give higher priority to rules that apply to specific IPs or ones that have more detailed conditions.

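WebberIT's point about rule order, as an added example that is not from the original thread or from Zyxel: a simplified first-match model of an outbound policy list. The app_deny semantics (drop the profiled apps, forward everything else) and the address 192.0.2.10 are assumptions chosen to reproduce the situation in the thread; the model shows that an any-to-any rule placed first shadows the more specific time-based deny, and that swapping the order fixes it.

```python
# Simplified first-match policy model (added example; not Zyxel/Nebula code).
# Assumptions: app_deny drops apps in the profile and forwards the rest;
# 192.0.2.10 is a constructed client address.
from dataclasses import dataclass

BLOCKED_APPS = {"facebook"}  # constructed application patrol profile

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "app_deny" (patrol profile) or "deny"
    src: str       # source IP or "any"
    schedule: str  # "ALWAYS" or "SPECIFIC_PERIOD"

@dataclass(frozen=True)
class Flow:
    src_ip: str
    app: str
    in_period: bool  # True if the flow occurs during SPECIFIC_PERIOD

def matches(rule: Rule, flow: Flow) -> bool:
    """A rule matches when both its source and its schedule fit the flow."""
    src_ok = rule.src == "any" or rule.src == flow.src_ip
    time_ok = rule.schedule == "ALWAYS" or flow.in_period
    return src_ok and time_ok

def decide(rules: list[Rule], flow: Flow) -> tuple[str, str]:
    """Return (verdict, rule_name) from the FIRST matching rule only."""
    for rule in rules:
        if not matches(rule, flow):
            continue
        if rule.action == "deny":
            return "drop", rule.name
        if rule.action == "app_deny":
            return ("drop" if flow.app in BLOCKED_APPS else "forward"), rule.name
    return "no_match", ""

def shadowed(rules: list[Rule]) -> list[str]:
    """Names of rules placed after an any/ALWAYS rule; they can never be hit."""
    for i, rule in enumerate(rules):
        if rule.src == "any" and rule.schedule == "ALWAYS":
            return [r.name for r in rules[i + 1:]]
    return []

RULE1 = Rule("rule1", "app_deny", "any", "ALWAYS")
RULE2 = Rule("rule2", "deny", "192.0.2.10", "SPECIFIC_PERIOD")
AS_POSTED = [RULE1, RULE2]  # order from the thread: rule2 is shadowed
REORDERED = [RULE2, RULE1]  # specific rule first, as WebberIT suggests
```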

  • roy
    roy Posts: 19  Freshman Member
    The rules were as below:
    rule1 , app_deny; protocol:any ; src:any , dst:any ; ALWAYS
    rule2,        deny ;  protocol:any ; src:someIP , dst:any ; SPECIFIC_PERIOD

    Rule1 worked and blocked some apps' traffic as I wanted, but it passed all the other traffic even though I denied it for the specific period of time in the next rule.

    Does the application patrol only make the judgments that carry out the wanted behaviours (forward, drop, reject), and not pass to the next rules if the application traffic was not matched?

    Thank you for all the efforts you are helping out!
