Application Control

This manual explains the functionality and configuration of the Application Control module.

Hint

  • The module Application Control must be licensed separately.
  • Note that the Application Control can cause high CPU usage and therefore requires additional resources.
  • It is not recommended to enable more than 20 protocols at the same time.

General information

The IAC-BOX module Application Control allows you to log, restrict or block about 190 different network protocols within the Surf-LAN. You can first log the Surf-LAN activity to get an overview, and then restrict (e.g. online streaming) and/or block (e.g. filesharing) individual protocols.

Configuration

After activating the Application Control in the menu Modules / Application Control, you first need to define at least one Bandwidth Group. Bandwidth Groups apply globally, not per client.


Now you can switch to the tab Policies to check the available protocols, sorted by group. Enable individual protocols or whole groups and then choose the action to be applied for each rule.


There are four different actions which can be configured for each rule:

  • Log only
    • The selected protocol will be logged, which allows you to examine how often the protocol is used and how much traffic it produces.
  • Bandwidth Shaping
    • The selected protocol will be limited to the bandwidth of the selected bandwidth group. Thus you can allow specific services (e.g. online streaming) for your users but only with limited bandwidth.
  • Reject
    • The selected protocol will be blocked completely. This option is useful, for example, for P2P file sharing and other disallowed protocols.
  • Drop
    • This option will drop the packet without sending any reject-related information to the remote side.

Please note that, due to the encryption of many protocols, the selected action (log, shape, reject, drop) for a protocol takes effect only for new sessions. This means that connections which are already open may not be affected when the Application Control is activated.

In the Live View you can see the traffic of all activated protocols.


This gives you an overview of the protocols used in the Surf-LAN and allows you to decide which protocols you want to allow, block or restrict.