
How to allow only an app like Zalo for some special computers so they can chat, call, and transfer files on SG 330?

I have received a task from my boss.

Allow some computers to use only the Zalo app to communicate with customers. The others are blocked.

By default, we block computers from accessing the internet.

So, how can we do it?

We are using SG 330, UTM 9.



  • Chào Duc Khanh and welcome to the UTM Community!

    Another thing that might be interesting would be to see if there's a traffic signature that would allow you to use Application Control.  On the Dashboard, click on the box to the right of the Interface where your device is located.  This will bring up the Flow Monitor.  Start Zalo and click on application names to get more information.  Do the same with the numbers in the Client column.  Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I checked in Flow Monitor and found Zalo, but the result is 0/0.

    Others like Skype, Facebook, TeamViewer... it can show, but Zalo does not show.

     

  • If you are considering a switch to XG Firewall, this article describes how to block Zalo and CC browser using XG Security and Sophos Endpoint working together.

    https://techbast.com/2018/11/how-to-block-coc-coc-browser-and-zalo-on-sophos-xg.html

    I also tried to check the vendor website, but I don't read Vietnamese.

    Most applications like this use https on port 443 for initialization, then other ports for other purposes, all outbound.   Control can probably be achieved with web filtering using these strategies:

    Block normal users using just web filtering

    Prevent the software from being installed:

    • Use web filtering to restrict access to the software download web address.
    • Use web filtering to restrict downloads by file type (.exe, .zip, .msi, etc.), with exceptions created as you identify allowed sites.
    • Ensure that users do not have administrative privileges to install software on company-issued computers.

    Prevent the software from being used:

    • Run Zalo with web filtering enabled and log the web addresses that it uses.   Block those sites as well.

    Allow special users:

    • Install software on their device
    • Create a Policy for the special users, and link it to its own Filter Action.   In that Filter Action, ensure that the Zalo sites are allowed.

    Other notes:

    • HTTPS Inspection (decrypt-and-scan) almost always causes problems for applications that use two ports, because the https connection comes from UTM and the second connection comes from the desktop.   So if you use HTTPS Inspection, you should disable it for Zalo destinations for the Filter Action applied to allowed users.

    The other ports will require some research.   XMPP is a multi-vendor protocol for chat, and it runs on TCP 5222 and TCP 5223, but Zalo may use its own protocol.   These other ports will probably be controlled by firewall rules, where you do not have restrictions based on username (unless you are using STAS for authenticating internal users to Web Filtering).   You could control these ports using firewall rules that block or allow based on source IP address, if your special users have dedicated IP addresses.

    I have written a lot on web filter configuration and log analysis.   Start with the articles in the Wiki section, then proceed to the articles that are pinned to the top of the web filtering section.

    But the key is to understand what ports the application uses.
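
The "run the application with web filtering enabled and log the web addresses it uses" step from the reply above, as an added example that is not part of the original thread or any Sophos tooling: it pulls one test PC's destinations and ports out of web filter log lines. It assumes the log is made of key="value" pairs with `srcip`, `action` and `url` fields; the sample lines, hostnames and the test PC address are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines; hosts, IPs and the reduced field set are made up.
SAMPLE_LOG = """\
2019:03:12-10:15:32 utm httpproxy[5432]: action="pass" method="CONNECT" srcip="192.168.10.50" dstip="203.0.113.10" url="https://chat.app.example/"
2019:03:12-10:15:33 utm httpproxy[5432]: action="block" method="CONNECT" srcip="192.168.10.50" dstip="203.0.113.11" url="https://files.app.example:8443/"
2019:03:12-10:15:34 utm httpproxy[5432]: action="pass" method="GET" srcip="192.168.10.77" dstip="203.0.113.20" url="https://news.example/index.html"
2019:03:12-10:15:40 utm httpproxy[5432]: action="pass" method="CONNECT" srcip="192.168.10.50" dstip="203.0.113.10" url="https://CHAT.app.example/"
2019:03:12-10:15:41 utm httpproxy[5432]: action="pass" method="GET" srcip="192.168.10.50" dstip="" url=""
"""

PAIR = re.compile(r'(\w+)="([^"]*)"')
DEFAULT_PORT = {"http": 80, "https": 443}

def destinations_for(log_text, client_ip):
    """Return {(host, port): {action: count}} for one client's web requests."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = dict(PAIR.findall(line))
        if rec.get("srcip") != client_ip or not rec.get("url"):
            continue  # other client, or a line with no request URL
        try:
            parts = urlsplit(rec["url"])
            port = parts.port or DEFAULT_PORT.get(parts.scheme)
        except ValueError:
            continue  # malformed URL or port; skip rather than guess
        if parts.hostname:  # urlsplit lowercases the hostname for us
            seen[(parts.hostname, port)][rec.get("action", "unknown")] += 1
    return {dest: dict(actions) for dest, actions in seen.items()}

def blocked_destinations(dests):
    """Destinations the application tried to reach but the policy refused."""
    return sorted(f"{h}:{p}" for (h, p), a in dests.items() if "block" in a)

if __name__ == "__main__":
    found = destinations_for(SAMPLE_LOG, "192.168.10.50")  # hypothetical test PC
    for (host, port), actions in sorted(found.items()):
        print(f"{host}:{port} {actions}")
    print("review for the special users' Filter Action:", blocked_destinations(found))
```

Only connections that pass through the web proxy appear in this log; traffic on the application's other ports has to be identified from the firewall log instead.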