Application Control & DNS Filtering
What is Application Control
Application Control is a firewall security feature that identifies, monitors, and controls applications running on a network, regardless of the port or protocol they use. It allows administrators to allow, block, or restrict specific applications based on security policies.
Unlike traditional filtering (which checks only websites or ports), application control inspects the actual application traffic. This means it can detect apps like WhatsApp, Facebook, YouTube, Zoom, or gaming applications even if they try to use different ports to bypass restrictions.
When a user starts an application, the firewall analyzes the traffic using deep packet inspection. It then matches the application with predefined rules and either allows, blocks, or limits its usage (for example, allowing WhatsApp messages but blocking WhatsApp calls).
Example
- In a company network, the administrator may allow business applications like Microsoft Teams or Zoom for meetings but block gaming apps like PUBG or entertainment apps to improve productivity.
- In a school, applications like YouTube may be blocked completely, while educational apps like Google Classroom are allowed.
Importance
Application control helps improve security, reduce bandwidth misuse, and ensure that only authorized applications are used in the network.
In advanced firewalls like Fortinet FortiGate, Application Control is a key security feature that uses a large application database to identify and manage thousands of applications with fine-grained control.
Why Application Control is needed
Application Control is needed because normal firewall rules (based on IP addresses or ports) are not enough to control modern applications. Many apps like WhatsApp, Facebook, or YouTube can use different ports, encryption, or hidden channels, so they can bypass basic filtering.
With Application Control, a firewall can identify the actual application (not just the website or port) and apply strict rules such as allow, block, or limit usage. This gives organizations much better visibility and control over network activity.
Application Control Example – Facebook App
Application Control in a firewall is used to manage how specific applications like Facebook are used inside a network. It can allow, block, or restrict different features of the same application based on security policies.
- In a school network, the firewall may completely block the Facebook application. When students try to open Facebook, the app will not load and access will be denied. This is done to prevent distraction and ensure students focus on studies.
- In an office environment, Facebook may be partially allowed for official use like managing company pages, but personal chat features such as Facebook Messenger may be blocked. This helps improve productivity and reduces unnecessary communication during working hours.
- In some organizations, Facebook is allowed but with restrictions. For example, text-based browsing may be allowed, but video autoplay and file sharing features may be limited. This helps in reducing bandwidth usage and improving network performance.
- Application Control works by identifying Facebook traffic and applying predefined rules such as allow, block, monitor, or limit. This gives administrators full control over how the application behaves in the network.
In advanced firewalls like Fortinet FortiGate, Facebook is detected as multiple application components such as Facebook browsing, Facebook chat, and Facebook video, allowing fine-grained control over each feature separately.
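The per-feature behaviour described above (identify the application from the traffic itself, then allow, block, limit or monitor each feature separately), as an added toy model that is not FortiGate's engine or any vendor code; the signatures, hostnames and the office policy are constructed for the demonstration:

```python
# Added example: a minimal application-control engine. Flows are classified
# from the TLS server name (visible in the ClientHello without decryption),
# not from the destination port, so port-hopping does not change the verdict.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    dst_port: int   # whatever port the client chose; ignored by the classifier
    sni: str        # TLS server name indication


# Constructed signatures: (application, feature, matcher). Most specific first.
SIGNATURES = [
    ("facebook", "video",  lambda s: s.startswith("video") and s.endswith(".fbcdn.net")),
    ("facebook", "chat",   lambda s: s.endswith("messenger.com") or s.startswith("edge-chat.")),
    ("facebook", "browse", lambda s: s.endswith("facebook.com")),
    ("youtube",  "video",  lambda s: s.endswith("youtube.com") or s.endswith("googlevideo.com")),
    ("teams",    "meeting", lambda s: s.endswith("teams.microsoft.com")),
]


def classify(flow: Flow):
    """Return (application, feature) for a flow, or ("unknown", "") if no signature matches."""
    name = flow.sni.lower()
    for app, feature, match in SIGNATURES:
        if match(name):
            return app, feature
    return "unknown", ""


# Constructed office policy: (application, feature) -> action. "*" matches any
# feature; the first matching rule wins, so feature rules precede app rules.
OFFICE_POLICY = [
    (("facebook", "chat"),  "block"),   # Messenger blocked during work hours
    (("facebook", "video"), "limit"),   # video allowed but rate-limited
    (("facebook", "*"),     "allow"),   # page management allowed
    (("youtube",  "*"),     "block"),
    (("teams",    "*"),     "allow"),
]


def decide(flow: Flow, policy=OFFICE_POLICY, default="monitor"):
    """Classify the flow and return (application, feature, action)."""
    app, feature = classify(flow)
    for (p_app, p_feature), action in policy:
        if p_app == app and p_feature in ("*", feature):
            return app, feature, action
    return app, feature, default
```

Unclassified traffic falls through to the default "monitor" action, which is where an administrator would look for applications that need a new rule.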
What is DNS Filtering
DNS Filtering is a security feature of a firewall that controls and blocks access to websites by filtering DNS (Domain Name System) requests. It works by checking the domain name a user is trying to access and then allowing or blocking it based on security policies.
When a user enters a website name like facebook.com or youtube.com, a DNS resolver converts it into an IP address. DNS filtering intercepts this request and checks whether the domain is allowed or blocked. If it is on the blocked list (for example malicious, adult, or social media sites), the firewall prevents access before the website even loads.
DNS filtering is widely used in schools, colleges, and offices to block unsafe or non-productive websites. It is also effective against phishing sites and malware domains because it stops the connection at the domain lookup stage itself.
Example
- In a school network, when a student tries to open a gaming or social media website, DNS filtering blocks the domain name, and the website does not open. Only educational websites are allowed to load.
- In an office, DNS filtering may allow business websites but block entertainment, gambling, or suspicious websites to improve productivity and security.
In advanced firewalls like Fortinet FortiGate, DNS filtering is used as part of web security policies to block malicious domains, phishing websites, and unwanted categories before the connection is established. A DNS filtering deployment has three main parts:
- DNS Filter: This is the system that enforces filtering rules. It can be an on-premises appliance, a software-based solution, or a cloud service that filters DNS requests based on a set of policies.
- Policy Configuration: Administrators define policies to block or allow specific categories of websites (e.g., “Malware,” “Social Media,” “Adult Content”) or specific domains based on threat intelligence.
- Enforcement: When a DNS request is made, the DNS filter checks if the requested domain matches any policy rules. If the domain is blocked, the request is denied or redirected to a warning page.
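The enforcement step above, as an added example that is not FortiGate code or any vendor's implementation: a small filter that categorises the queried name (matching parent domains so a rule for facebook.com also covers m.facebook.com), applies a category policy, and answers blocked queries with the address of a warning page. The category list, the school policy and the warning-page address are constructed for the demonstration.

```python
# Added example: DNS filtering policy check. Security categories (phishing,
# malware) are blocked regardless of the site policy; other categories follow
# the policy; uncategorized names use the default action.

WARNING_PAGE_IP = "10.0.0.250"   # constructed: internal block-page server

# Constructed category database: domain -> category.
CATEGORIES = {
    "facebook.com": "social-media",
    "fbcdn.net": "social-media",
    "youtube.com": "entertainment",
    "classroom.google.com": "education",
    "bad-login-example.test": "phishing",
}

ALWAYS_BLOCK = {"phishing", "malware"}   # threat-intelligence categories

# Constructed school policy: category -> action.
SCHOOL_POLICY = {
    "social-media": "block",
    "entertainment": "block",
    "education": "allow",
}


def lookup_category(qname: str):
    """Walk from the full name up through its parent domains; the most
    specific entry wins, so classroom.google.com beats a rule for google.com.
    Returns (matched_domain, category) or (None, "uncategorized")."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):          # never match the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in CATEGORIES:
            return candidate, CATEGORIES[candidate]
    return None, "uncategorized"


def filter_query(qname: str, policy=SCHOOL_POLICY, default="allow"):
    """Return ("allow", None) to forward the query to the upstream resolver,
    or ("block", WARNING_PAGE_IP) to answer it locally with the warning page."""
    _, category = lookup_category(qname)
    if category in ALWAYS_BLOCK or policy.get(category, default) == "block":
        return "block", WARNING_PAGE_IP
    return "allow", None
```

Because the check happens at name resolution, it only covers clients that use the filtered resolver; pairing it with an egress rule that blocks other DNS servers (and DNS over HTTPS) keeps devices from bypassing it.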