Default elements for network applications
There are several predefined elements for working with network applications.
Application Type elements define general categories of network applications. One Application Type element can be associated with each Network Application element. Application Type elements are predefined, and you cannot create Application Type elements.
Tag elements help you to create simpler policies with less effort. Tag elements represent all Network Application elements that are associated with that Tag. For example, the Media Tag includes several web-based image, music, and video applications. Several Tags can be associated with each Network Application element.
Dependencies for network applications define other network applications that must also be allowed when the network application is allowed. When you use a network application that has dependencies in a rule with the Allow or Jump action, or in a NAT rule, the rule also applies to the related network applications. When you use the network application that has dependencies in a rule with the Continue, Discard, or Refuse action, the rule does not apply to the related network applications.
TLS Match elements define matching criteria for the use of the TLS protocol in traffic. When a connection that uses the TLS protocol is detected, the server certificate for the connection is compared to the TLS Match in the Network Application definition. TLS connections are allowed only to sites that have trusted certificates that meet the following criteria:
- The certificate domain name must match the domain name in the TLS Match element.
- The certificate must be signed by a valid certificate authority.
- The certificate must be valid (not expired or revoked).
TLS Match elements can also specify whether to decrypt TLS traffic to particular Internet domains for inspection. The default TLS Match elements deny decryption of only the following types of traffic:
- Traffic for Network Applications that do not work correctly if the traffic is decrypted.
- Traffic that is functionally critical, such as connections to the Forcepoint Advanced Malware Detection service, or to services for automatic dynamic updates and engine upgrades.
For more information, see Knowledge Base article 18074.
The predefined elements are imported and updated from dynamic update packages. The set of elements available changes whenever you update your system with new definitions. The Release Notes of each dynamic update package list the new elements that the update introduces.
Network Application Properties dialog box
Use this dialog box to view the properties of Network Application elements.
| Option | Definition |
|---|---|
| General tab | |
| Name | Specifies a unique name for the Network Application element. |
| Comment | Adds a comment to the Network Application element. |
| Application Type | Shows the selected network application type. |
| Select | This option is disabled. |
| Parent Application | Shows the selected parent network application. |
| Select | This option is disabled. |
| Description | Shows a more detailed description of the network application. |
| Supported Engine Versions | Specifies the supported engine versions for the Network Application element. |
| Standard ports, unless otherwise specified in 'Service (Port)' field | |
| Protocol | Shows the protocol for the default port. |
| From | Shows the start of the port range. |
| To | Shows the end of the port range. |
| TLS | Shows whether TLS is required, allowed, or forbidden. |
| Add Port | This option is disabled. |
| Remove Port | This option is disabled. |
| Protocol | Shows the Protocol Agent element associated with the Network Application element. |
| Select | This option is disabled. |
| TLS Match | Shows the TLS Match element associated with the Network Application element. |
| Select | This option is disabled. |
| Application Identifiable by TLS Match Alone | Shows whether the network application can be identified without decrypting the traffic. |
| Option | Definition |
|---|---|
| Protocol Parameters tab | This tab is disabled. |
| Option | Definition |
|---|---|
| Link Selection tab |
Shows the quality metrics that determine which Multi-Link VPN link traffic associated with the Network Application uses. The options on this tab are not editable. You can use QoS Class elements to override the default settings shown on this tab. |
| Bandwidth | Specifies how important the bandwidth of the connection is for determining which link traffic uses. |
| Jitter | Specifies how important variations in the delay of received packets is for determining which link traffic uses. |
| Latency | Specifies how important delays in packet transmission are for determining which link traffic uses. |
| Packet Loss | Specifies how important the number of packets of data that fail to reach their destination are for determining which link traffic uses. |
| Stability | Specifies how important variations in the availability and quality of the connection are for determining which link traffic uses. |
| Option | Definition |
|---|---|
| Tags and Dependencies tab | |
| Dependencies |
Shows related network applications that must also be allowed when this network application is allowed. When you use a network application that has dependencies in a rule with the Allow or Jump action, or in a NAT rule, the rule also applies to the related network applications. When you use the network application that has dependencies in a rule with the Continue, Discard, or Refuse action, the rule does not apply to the related network applications. |
| Tags table | |
| Name | Shows the name of the tag. |
| Comment | Shows the comment associated with the selected tag. |
| Type | Shows the tag type. |
| Add Tags | This option is disabled. |
Application Type Properties dialog box
Use this dialog box to view the properties of an Application Type element. You cannot edit Application Type elements.
| Option | Definition |
|---|---|
| Name | Shows the name of the element. |
| Comment | Shows a description of the element. |
| Save | Not available in this dialog box. |
Application Usage Tag Properties dialog box
Use this dialog box to view the properties of an Application Usage Tag element. You cannot edit Application Usage Tag elements.
| Option | Definition |
|---|---|
| Name | Shows the name of the element. |
| Comment | Shows a description of the element. |
| Save | Not available in this dialog box. |