User`s guide
1.
2.
3.
1.
2.
3.
To block, allow, report, or throttle network traffic for specific application types, enable Application Control. It uses Layer 7 deep packet inspection
to detect and prioritize traffic for services like instant messaging, social networking, or video streaming. It can even detect applications that try to
evade pattern-based detection mechanisms by port-hopping, protocol obfuscation, or traffic encryption.
You can select the following policies to control traffic:
Application Detection Policy Description
Limit Bandwidth
Limits the bandwidth of traffic. Depending on the QoS band that you
select, traffic is either slowed down or choked. Choking traffic assigns
0.1% of the available bandwidth to the application, making it unusably
slow without sending connection error messages to users.
For more information on QoS, see How to Configure Bandwidth
.Policies or QoS
Drop
Drops the connection and displays an error message stating that the
connection is not possible or has been denied.
Report All Lists detected applications on the paBASIC > Recent Connections
ge.
Follow the instructions in this article to enable Application Control and then configure it in firewall rules.
In this article:
Step 1. Enable Application Control
Step 2. Configure the Firewall Rule
Step 3. Verify the Order of the Firewall Rules
Monitoring Traffic for Controlled Applications
Step 1. Enable Application Control
To block application traffic, you must first enable Application Control and define the default policy.
Go to the page.FIREWALL > Settings
Select the following settings in the section:Firewall Policy Settings
Enable Application Detection: Yes
Default Application Detection Policy: Drop | Report All | Limit Bandwidth
Click .Save Changes
Step 2. Configure the Firewall Rule
After you enable Application Control, configure firewall rules with the filter patterns for the applications that you want to limit or block. The
pre-installed firewall rule allows network traffic for all types of data from the trusted LAN to the Internet. You can editLAN-2-INTERNET
the LAN-2-INTERNET rule or create a new firewall rule if required.
Because Application Control can impact the performance of the Barracuda Firewall, be as specific as possible with firewall rule settings.
To edit the LAN-2-INTERNET rule:
Go to the page.FIREWALL > Firewall Rules
Edit the firewall rule. LAN-2-INTERNET
LAN-2-INTERNET Default Settings
Action Source Destination Service Interface Group Connection
Allow Trusted LAN Internet Any Matching (matches
all interfaces)
SNAT (Source NAT
using local IP
address obtained
from a routing
lookup to the
destination)
In the window, click the tab and configure the following settings:Edit Access Rule Applications/Bandwidth