Allow 2 applications but one to specific address?

Author
jasetcs
2018/02/13 03:20:05

Allow 2 applications but one to specific address?

I have a Fortigate 60E and I've set up Application Control to allow users to only use web clients and Citrix Receiver, then added Application Control to the IPv4 Policy, and it works fine.
 
Now I want to make it so Citrix Receiver can only go to a set group of IP addresses, but I'm unsure how to do this. Looking for any advice or pointers in the right direction.
 
 
#1


    Toshi Esumi
    Re: Allow 2 applications but one to specific address? 2018/02/13 09:50:27
    You need to find out what ports Citrix Receiver uses, separate those from the existing policy, and place them above it. With the new policy you can limit the destination addresses without affecting web access.
    #2
    dmcquade
    Re: Allow 2 applications but one to specific address? 2018/02/13 17:04:01
    Separate the policy into 2 rules. One allowing Citrix Receiver access to the specific destination IPs (you may or may not want an App Control sensor here). The other rule set up for your browsing using customized security profiles that meet your browsing needs. I recommend placing the browsing policies towards the end of the rulebase because the destination is generally all public addresses (I use the group object RFC1918 and negate the destination address field).
     
    HTH
    d
    #3
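
The two-rule layout both replies describe, sketched as FortiOS CLI (an added example, not configuration posted by anyone in the thread). The interface names, object and sensor names, policy IDs, the 203.0.113.10 address and the Citrix ports (1494, 2598, 443) are assumptions to replace with your own values; the `#` lines are annotations for the reader.

```fortios
# Assumed: interfaces "internal"/"wan1", sensors "citrix-only"/"web-only", policy IDs 10/20.
config firewall address
    edit "citrix-gw-1"
        set subnet 203.0.113.10 255.255.255.255
    next
end
config firewall addrgrp
    edit "citrix-gateways"
        set member "citrix-gw-1"
    next
end
# Assumed Citrix ports (ICA 1494, session reliability 2598); confirm for your deployment.
config firewall service custom
    edit "citrix-ica"
        set tcp-portrange 1494 2598
    next
end
config firewall policy
    # Rule 1: Citrix Receiver, only to the approved destination group.
    edit 10
        set name "citrix-to-gateways"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "citrix-gateways"
        set action accept
        set schedule "always"
        set service "citrix-ica" "HTTPS"
        set utm-status enable
        set application-list "citrix-only"
        set nat enable
    next
    # Rule 2: general browsing; its sensor allows web clients but not Citrix.
    edit 20
        set name "web-browsing"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set application-list "web-only"
        set nat enable
    next
    # Policies are evaluated top-down: keep the Citrix rule above browsing.
    move 10 before 20
end
```

Because the browsing sensor no longer permits Citrix, Receiver traffic to any destination outside `citrix-gateways` falls through to rule 2 and is blocked there by Application Control.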