Application Visibility & Control
Moving beyond ports to understand application-level traffic
The Evolution of Network Visibility
Traditional firewalls inspect traffic at Layer 3/4 (IP addresses and ports). Modern NGFWs add Layer 7 application awareness.
7
Application Layer
NGFW/AVC: Sees actual application (Slack, Zoom, BitTorrent)4
Transport Layer
Traditional: Sees TCP/UDP ports (443, 80, 53)
3
Network Layer
Traditional: Sees IP addresses only
Why Ports Aren't Enough
Consider these scenarios where port-based filtering fails:
- Port 443 (HTTPS) — Could be legitimate banking, cloud storage, or malware C2
- Port 80 (HTTP) — Could be web browsing, software updates, or data exfiltration
- Port 53 (DNS) — Could be DNS queries or DNS tunneling
- Non-standard ports — Applications can run on any port
Application Identification
How NGFWs identify applications regardless of port
Deep Packet Inspection Demo
Click "Identify" to see how AVC recognizes applications beyond port numbers.
Source: 192.168.1.100 → Dest: 52.96.x.x
Port: 443 (HTTPS)
Identified: Microsoft Office 365 - OutlookSource: 192.168.1.101 → Dest: 34.107.x.x
Port: 443 (HTTPS)
Identified: Slack - MessagingSource: 192.168.1.102 → Dest: 185.x.x.x
Port: 443 (HTTPS)
Identified: BitTorrent - P2P File SharingSource: 192.168.1.103 → Dest: Unknown IP
Port: 443 (HTTPS)
Identified: Unknown Encrypted Tunnel - Possible C2
Identification Methods
| Method | Description | Example |
|---|---|---|
| Signatures | Pattern matching in packet headers/payload | BitTorrent protocol markers |
| SNI/Certificate | TLS Server Name Indication field | zoom.us in TLS handshake |
| Behavioral | Traffic patterns and timing | VoIP call characteristics |
| Heuristics | Statistical analysis | Encrypted tunnel detection |
AVC Policies
Controlling applications based on business and security requirements
Application Risk Categories
Click applications to see their risk profile.
Office 365
Risk: Low
Salesforce
Risk: Low
Dropbox
Risk: Medium
YouTube
Risk: Medium
BitTorrent
Risk: High
Tor
Risk: High
Sample AVC Policy
| Application | Category | Action | Reason |
|---|---|---|---|
| Office 365 | Sanctioned SaaS | ALLOW | Business critical |
| YouTube | Streaming | LIMIT (1 Mbps) | Bandwidth management |
| Personal Dropbox | File Sharing | BLOCK UPLOAD | Data loss prevention |
| BitTorrent | P2P | BLOCK | Legal/security risk |
| Unknown Encrypted | Evasive | BLOCK + ALERT | Possible malware |
Knowledge Assessment
Test your understanding of Application Visibility & Control
Assessment Complete!
0%