HI in what Rule Scenario woulld 80/443 vs using ssl/web-browsing be used. And why wouldnt app for ssl and web-browsing not work but prot 80/443 work
"web-browsing" and "ssl" only match generic HTTP/HTTPS traffic. If the firewall determines a more precise App-ID for the traffic, then it will switch to using that for determining whether to allow/deny the traffic, which may fail in mysterious ways. :)
For example, if you have a general "allow web traffic" Security Policy and use "web-browsing" in the rule, then very basic web traffic will be allowed. But, if someone accesses GMail, or Facebook, or Youtube, or click on a video link in a generic web page, than the firewall will notice and match that traffic to the google-base, or google-mail, or facebook-base, or youtube, or streaming-video App-ID, none of which are listed in the rule, and block the traffic. Which leads you down a rabit hole of "access website, check logs for what app is shown, update rule, keep browsing, rinse and repeat". :)
We ran into this issue trying to get regular ol'Moodle courses working correctly using application matching. Once the list got beyond 6 or 7 difference applications, we switched to just allowing straight port 80/443 traffic through.
There are situations where the application matching really helps (video conferencing, for example), and situations where it really doesn't (a general "allow web traffic" rule). It depends on how specific you need the rule to be.
Instead of opening port 80/443 create application filter to dynamically group applications together and add filter into the rule.
Objects > Application Filters
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!