Application firewall

joeCzappa21883
Level 1

I am looking for an application-based firewall, as I am trying to block a game from being played on my home network.

The game is Dragon City, run by Facebook. I have tried Wireshark for the IP, but every time I run it the IP changes, unless I am doing something wrong. Any help would be appreciated.

Thank you

1 Accepted Solution

Accepted Solutions

ngkin2010
Level 7

Hi,

To do so, your firewall should be able to:

 1) inspect the encrypted HTTPS content; -- SSL decryption,

 2) recognize the application (e.g. Dragon City); -- Application detector.

For the first, you need to configure SSL decryption. Otherwise, your firewall is unable to read the encrypted HTTPS content.

http://cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-ssl-decryption.html

After you have configured SSL decryption, your firewall is able to read the HTTPS content. But it doesn't know what "Dragon City" is, so you may need to create a custom application detector:

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Application_Detection.html#ID-2208-00000060

Finally, you can apply the defined application profile on your application firewall policy to deny the traffic.

It's quite complicated when you need to develop a custom AppID. Try to check if you can find out the URL used by the web application, and simply block the URL/FQDN instead. It would be much easier.

5 Replies


OK, this part makes sense and I can follow that. I see after re-reading my post that I didn't make it very clear. I should have asked which firewall I should buy to accomplish this task of application blocking, and go from there.

Since these days just about every website uses encryption, you can only get down into the level required to block games within a site if you can decrypt that traffic. While possible on enterprise-class equipment, this is not easily done on a firewall - especially not one designed for home use. You will read some articles online telling how to do it, but a careful reading almost always has some subtle caveat along the lines of how it only works with HTTP (unencrypted) traffic or if you decrypt the HTTPS (encrypted) traffic.

For home use you are better off using parental controls or other such alternatives for family members' Facebook accounts.

Do you have a link to an enterprise-type firewall that could decrypt the HTTPS traffic? Then I can see what kind of price tag I am looking at and also do some more learning, as I am in the process of doing my bachelor's degree in advanced cyber security, and then I want to pursue my security career.

Normally we would not recommend the low-end devices for SSL decryption, as it can be quite a compute-intensive process. If you only want it for learning/lab/home purposes, though, then you could manage with a small Firepower 1010 appliance running the FTD image. You would have to manage it with an FMC VM, however, to get SSL decryption support. It would be on the order of US$2000 to purchase that basic setup with Cisco kit.
