https://live.paloaltonetworks.com/t5/next-generation-firewall/microsoft-defender-outbound-traffic-policy/m-p/584245#M3017 <P>Trying to slim down a rule for outbound traffic with clients using MS defender. I built a custom URL list of the defender urls provided by MS. Added it to the policy under service/url category. The apps used are ms-update, ssl, web-browser, windows-defender-atp.</P> <P>&nbsp;</P> <P>The issue is I see traffic hitting ssl in the logs with url category as "any" which means the process order must be left to right in the policy.&nbsp;</P> <P>&nbsp;</P> <P>source</P> <P>destination</P> <P>app</P> <P>service/url category</P> <P>&nbsp;</P> <P>So my assumption is once the rule sees SSL as the app it allows the traffic? Is this correct?</P> Thu, 18 Apr 2024 16:52:16 GMT S_Williams901 2024-04-18T16:52:16Z https://live.paloaltonetworks.com/t5/next-generation-firewall/microsoft-defender-outbound-traffic-policy/m-p/584245#M3017 <P>Trying to slim down a rule for outbound traffic with clients using MS defender. I built a custom URL list of the defender urls provided by MS. Added it to the policy under service/url category. The apps used are ms-update, ssl, web-browser, windows-defender-atp.</P> <P>&nbsp;</P> <P>The issue is I see traffic hitting ssl in the logs with url category as "any" which means the process order must be left to right in the policy.&nbsp;</P> <P>&nbsp;</P> <P>source</P> <P>destination</P> <P>app</P> <P>service/url category</P> <P>&nbsp;</P> <P>So my assumption is once the rule sees SSL as the app it allows the traffic? Is this correct?</P> Thu, 18 Apr 2024 16:52:16 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/microsoft-defender-outbound-traffic-policy/m-p/584245#M3017 S_Williams901 2024-04-18T16:52:16Z