App-ID Dependencies and Security Rule Order

PUSDAlexK — Tue, 17 Apr 2018 22:18:40 GMT

Which one of the following is the correct way to configure app-id and security rules? (Bonus points for why.)

Re: App-ID Dependencies and Security Rule Order

BPry — Wed, 18 Apr 2018 16:05:24 GMT

**I answered this question under the assumption that you are not running SSL-Decryption**

1) This would work; as when the firewall identifies 'netflix' as the app-id it will rescan the Security rulebase to see if you have a policy matching 'netflix'.

2) You would be blocking way too much in this policy, not just netflix.

3) Same thing as 2.

So things to note here:

- You can block netflix by using a URL Filtering profile on the 'test allow' rule that simply includes 'netflix.com', '*.nflxvideo.net', and *.netflix.com' in the 'Block List'.

- When you are looking to block a specific app-id you don't necissarly have to include all application dependencies. This may cause commit warnings which can be annoying, but you can easily ignore them or eliminate them if you are willing to put some work in.

- ONly block the app-ids that you actually want to block access to. So in 2 as you originally noted this would have blocked all of your http-audio, http-video, and web-browsing. In option 3 you would still be blocking everything as you would be in 2, except web-browsing as all of that traffic would have already been allowed by the rule above it.

topic App-ID Dependencies and Security Rule Order in General Topics

App-ID Dependencies and Security Rule Order

Re: App-ID Dependencies and Security Rule Order