Application Control is the FortiGate feature designed to identify and control applications using signatures from the FortiGuard service. It leverages the Intrusion Prevention System (IPS) engine and its protocol decoders to analyze network traffic patterns and accurately detect thousands of applications, including those that are not web-based (non-URL). By configuring an Application Control profile and applying it to a firewall policy, an administrator can explicitly block specific applications or categories of applications, thereby controlling traffic based on its application signature and behavior.

A. DNS filter operates by inspecting Domain Name System (DNS) requests and blocking access based on domain ratings and categories, not by using IPS protocol decoders for general application signatures.

C. SD-WAN rules use application detection to make intelligent routing and path selection decisions, not primarily to block traffic as a security enforcement action.

D. Web filter is used to control access to web traffic (HTTP/HTTPS) based on URLs and content categories, not for identifying and blocking the wide range of non-web applications that Application Control handles.

1. Fortinet FortiOS 7.4.0 Administration Guide

Security Profiles > Application Control

Page 1018: "Application control uses IPS protocol decoders to identify the applications that generate network traffic. It can be used to create policies that allow

deny

or restrict access to applications." This statement directly links Application Control with IPS decoders for the purpose of controlling applications.

2. Fortinet FortiOS 7.4.0 Administration Guide

Security Profiles > Intrusion Prevention

Page 1001: "The IPS engine also provides the application detection that powers the application control feature." This confirms that the underlying technology for application detection

which involves analyzing transmission patterns and signatures

is the IPS engine.