Application Control

Question 1

Does Application Control use proxy-based scans?

Answer 1

No, it uses flow-based and IP engine to match patterns of the application.

Question 2

What evasive techniques do P2P apps use to evade firewalls?

Answer 2

Port randomization, pinholes, and changing encryption patterns.

Question 3

Is the application control database the same as the IPS database?

Answer 3

No

Question 4

What are unknown applications in the Application Control profile?

Answer 4

Apps that don’t match an application control signature.

Question 5

What can cause decreased performance when using application control?

Answer 5

When an app is unknown it is logged, if you have many unknown apps you get frequent logs and decreased performance.

Question 6

What is QUIC?

Answer 6

It is a protocol from Google that uses UDP instead of TCP for web access.

Question 7

What does allowing QUIC do?

Answer 7

FTG inspects Google Chrome Packets for a QUIC header and logs.

Question 8

What does Blocking QUIC do?

Answer 8

FTG blocks QUIC and forces Google Chrome to use HTTP2/TLS1.2. By default it is blocked

Question 9

In what order does FTG apply Application order

Answer 9

1 application and filter overriders
2. categories

Question 10

What comes first Web filtering or Application Control?

Answer 10

Application Control then web filtering. Note that web filtering may block something permitted by the application control.

Question 11

Do you need Deep-inspection to do application control

Answer 11

Yes, if you want to identify apps that are encrypted.

Question 12

When using NGFW policy-based mode for Application control, what must be configured?

Answer 12

Consolidated Authentication and SSL inspection policy and SNAT

Question 13

What happens when you configure URL Categories within the same security police as application control?

Answer 13

Application control only scans applications in browser-based technology category.

Question 14

Describe the process of NGFW Policy-based application filtering

Answer 14

Step one traffic is allowed while forwarding packets to IPS engine. (may_dirty) flag set

Step two: IPS identifies session and may update session table with either (dirty or app_valid) flag and App ID

Step three FortiOS kernels relooks up policy using L4 and L7 info. Applies action

Question 15

What are the two types of Traffic shaping policies?

Answer 15

Shared Shaper
Per-IP Shaper

Question 16

What is the Shared Shaper for traffic shaping?

Answer 16

Shared Shaper applies a total bandwidth to all traffic using that shaper

Question 17

Define per-IP shaper

Answer 17

applies traffic shaping to all source IP adds in the security policy. BW is equally divided among the group.

Question 18

Where are application control logs accessed

Answer 18

On the security events pane on the Logs & Report page.

Question 19

Which piece of information’s not included in the application event log when using NGFW policy-based mode?

Answer 19

Application control profile name.

Question 20

What URL do you have to check to see if there is an update issue with Application Control?

Answer 20

Check if FTG is able to resolve update.fortinet.net

Question 21

What command can you check to check of new application control updates?

Answer 21

execute update-now