Blocking the Use of the QQ Client
This section describes how to apply the application identification function on the FW to disable intranet users from using the QQ client.
Faced Problems
As shown in Figure 1, an enterprise deploys the FW as a gateway to connect the intranet to the Internet.
Intranet users use the QQ client for chatting, affecting the working efficiency.
Solution
With the application identification function, the FW can identify QQ traffic. Set the application to the QQ client and the action to deny in the security policy to disable intranet users from using the QQ client.
Click Add, select Add Security Policy. Set matching conditions for the security policy as required and set the action to deny.
When setting the application matching condition for the security policy, use keyword QQ to rapidly locate and select the application.
Set security policy parameters as follows:
Name policy1 Source Zone trust Destination Zone untrust Source Address/Region 192.168.0.0/255.255.255.0 Application QQ_IM Action Deny - Click OK.
Verification
Intranet users cannot use the QQ client for chatting.
Configuration Scripts
The configuration script related to the example is as follows:
# security-policy rule name policy1 source-zone trust destination-zone untrust application app QQ_IM action deny #