Which one of the following is the correct way to configure app-id and security rules? (Bonus points for why.)
**I answered this question under the assumption that you are not running SSL-Decryption**
1) This would work; as when the firewall identifies 'netflix' as the app-id it will rescan the Security rulebase to see if you have a policy matching 'netflix'.
2) You would be blocking way too much in this policy, not just netflix.
3) Same thing as 2.
So things to note here:
- You can block netflix by using a URL Filtering profile on the 'test allow' rule that simply includes 'netflix.com', '*.nflxvideo.net', and *.netflix.com' in the 'Block List'.
- When you are looking to block a specific app-id you don't necissarly have to include all application dependencies. This may cause commit warnings which can be annoying, but you can easily ignore them or eliminate them if you are willing to put some work in.
- ONly block the app-ids that you actually want to block access to. So in 2 as you originally noted this would have blocked all of your http-audio, http-video, and web-browsing. In option 3 you would still be blocking everything as you would be in 2, except web-browsing as all of that traffic would have already been allowed by the rule above it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!