
Application Control Lite FAQs

From UntangleWiki


How do I use Application Control Lite?

Application Control Lite runs simple regular expression signatures against the data stream. If a signature matches, the action configured for that signature (log or block) is taken. Please do not go through the list of signatures and block what you "don't need"; these signatures are not exact matches and can have false positives.


What happens if I set a protocol to block?

A few things could happen:

  • It will block the protocol completely
  • It will only partially block the protocol (many multi-session protocols only have some sessions identified)
  • It will block the protocol and block other things too (false positives)
  • It will block the protocol and the application will adapt and use an alternative protocol to communicate

Please be aware of these results and be sure to do some testing when using or adding specific rules.


How do I add a protocol to Application Control Lite?

Application Control Lite provides numerous default protocols that you can block, but if you want to block a protocol that Application Control Lite doesn't list, you must add that protocol. To add a protocol, you must provide Application Control Lite with the protocol's signature. To determine the signature, you must analyze the packets, and this process can be tricky. Contact Untangle Technical Support to request the signature.


I've already installed the Firewall. Isn't Application Control Lite redundant?

The Firewall application works to block traffic for IP addresses and/or ports. For well-behaved applications (such as legitimate web and email servers) the port can be used to identify the protocol. However, less legitimate applications may use different ports, or malicious users may deliberately use unwanted services on obscure ports.

Application Control Lite scans all traffic, looking for a match even if traffic was not transported across the expected port for that protocol.
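The sketch below is an added example, not Untangle's code: it illustrates both the port-independent matching described here and the false-positive and partial-block outcomes listed under "What happens if I set a protocol to block?". The signatures, actions, port table and session payloads are all constructed for illustration.

```python
import re

# Hypothetical signatures written for this example (not the shipped list).
# Each regex is run against the first bytes of a session's payload.
SIGNATURES = {
    "HTTP": re.compile(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]\r\n"),
    "SSH": re.compile(rb"^SSH-[12]\.[0-9]"),
    # Deliberately loose: matches the handshake string anywhere in the data.
    "BitTorrent": re.compile(rb"BitTorrent protocol"),
}
ACTIONS = {"HTTP": "log", "SSH": "log", "BitTorrent": "block"}

# What a port-only rule would assume about each session.
PORT_TABLE = {22: "SSH", 25: "SMTP", 80: "HTTP", 6881: "BitTorrent"}


def port_guess(port):
    """Protocol implied by the destination port alone, or None."""
    return PORT_TABLE.get(port)


def classify(payload):
    """Return (protocol, action) for the first matching signature."""
    for name, rx in SIGNATURES.items():
        if rx.search(payload):
            return name, ACTIONS[name]
    return None, "pass"


# Constructed sample sessions: (destination port, first payload bytes).
SESSIONS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    # SSH on an unexpected port: the port rule misses it, the signature does not.
    (443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    # Real handshake prefix on a non-default port: blocked as intended.
    (51413, b"\x13BitTorrent protocol" + b"\x00" * 8),
    # False positive: mail that merely mentions the protocol gets blocked.
    (25, b"Subject: notes on the BitTorrent protocol\r\n\r\nSee attached."),
    # Partial block: an obfuscated session on the usual port matches nothing.
    (6881, b"\x8f\x02\xa1\x7c\x55\xe0\x19\x3b"),
]


def evaluate(sessions):
    """Pair each session's port-based guess with its signature verdict."""
    return [(port, port_guess(port)) + classify(data) for port, data in sessions]


if __name__ == "__main__":
    for row in evaluate(SESSIONS):
        print("port=%-5s port_guess=%-10s signature=%-10s action=%s" % row)
```

Running a candidate signature over captured samples of traffic you want to keep, as well as traffic you want to stop, is the kind of testing the FAQ recommends before switching an entry from log to block.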


I want to block a file sharing protocol for some of my users but not all. How can I do this with Application Control Lite?

Application Control Lite cannot by itself filter for some machines and not others. However, you can create new Policies and Virtual Racks (see Policy Management) so that some of your users pass through an Application Control Lite with [some file sharing protocol] blocked while others do not.