App-ID Dependencies and Security Rule Order

L0 Member

Which one of the following is the correct way to configure app-id and security rules? (Bonus points for why.)

[attached screenshot: pa-rule-question.png]

Cyber Elite

@PUSDAlexK

**I answered this question under the assumption that you are not running SSL-Decryption**

1) This would work, as when the firewall identifies 'netflix' as the app-id it will rescan the Security rulebase to see if you have a policy matching 'netflix'.

2) You would be blocking way too much in this policy, not just netflix.

3) Same thing as 2.

So things to note here:

- You can block netflix by using a URL Filtering profile on the 'test allow' rule that simply includes 'netflix.com', '*.nflxvideo.net', and '*.netflix.com' in the 'Block List'.

- When you are looking to block a specific app-id you don't necessarily have to include all application dependencies. This may cause commit warnings, which can be annoying, but you can easily ignore them or eliminate them if you are willing to put some work in.

- Only block the app-ids that you actually want to block access to. So in 2, as you originally noted, this would have blocked all of your http-audio, http-video, and web-browsing. In option 3 you would still be blocking everything as you would be in 2, except web-browsing, as all of that traffic would have already been allowed by the rule above it.

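The reply's argument (App-ID shifts trigger a fresh rulebase lookup, so a narrow deny above a broad allow works while deny rules listing the dependencies over-block) is easy to check with a toy model. The following is an added example, not code from the original post or from Palo Alto Networks; it is a simplified model of top-down first-match policy evaluation, not PAN-OS itself. The three rule layouts are reconstructed from the reply's description of the screenshot, the `web-browsing -> netflix` shift chain and the sample sessions are constructed, and the block-list matching semantics (`netflix.com` matches that host only, `*.netflix.com` matches subdomains) are a simplifying assumption.

```python
"""Toy model of App-ID shift and Security rulebase re-evaluation.
Added example: not PAN-OS code. Rule layouts for options 1-3 are
reconstructed from the reply's description (assumption)."""
from dataclasses import dataclass
from fnmatch import fnmatchcase

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "allow" or "deny"
    apps: frozenset = frozenset({ANY})
    url_block: tuple = ()             # URL Filtering block list (allow rules only)


def first_match(rulebase, app):
    """Top-down first match, the way a Security rulebase lookup works."""
    for rule in rulebase:
        if ANY in rule.apps or app in rule.apps:
            return rule
    return None                       # fell through: implicit default deny


def url_blocked(host, block_list):
    """Simplified block-list semantics (assumption): 'netflix.com' matches that
    host only, '*.netflix.com' matches any subdomain; hence both are listed."""
    return any(fnmatchcase(host, pattern) for pattern in block_list)


def evaluate(rulebase, app_shifts, host):
    """Verdict for one session whose App-ID passes through app_shifts
    (e.g. web-browsing -> netflix). Every shift triggers a fresh rulebase
    lookup; the first deny ends the session, so later shifts never happen."""
    for app in app_shifts:
        rule = first_match(rulebase, app)
        if rule is None or rule.action == "deny":
            return "deny"
        if rule.url_block and url_blocked(host, rule.url_block):
            return "deny"             # allowed by App-ID, blocked by URL profile
    return "allow"


# Rule layouts reconstructed from the reply's description (assumption).
DEPS = frozenset({"netflix", "web-browsing", "http-audio", "http-video"})
OPTIONS = {
    "option 1": [Rule("block-netflix", "deny", frozenset({"netflix"})),
                 Rule("test allow", "allow")],
    "option 2": [Rule("block-netflix", "deny", DEPS),
                 Rule("test allow", "allow")],
    "option 3": [Rule("test allow", "allow", frozenset({"web-browsing"})),
                 Rule("block-netflix", "deny", DEPS)],
    "url filtering": [Rule("test allow", "allow",
                           url_block=("netflix.com", "*.netflix.com",
                                      "*.nflxvideo.net"))],
}

# Constructed sample sessions: (App-ID shift sequence, SNI/Host header seen).
SESSIONS = {
    "netflix stream": (["web-browsing", "netflix"], "www.netflix.com"),
    "plain website":  (["web-browsing"], "example.com"),
    "podcast":        (["web-browsing", "http-audio"], "podcast.example"),
    "news clip":      (["web-browsing", "http-video"], "news.example"),
}


def compare():
    """Verdict matrix: {option: {session: 'allow' | 'deny'}}."""
    return {opt: {name: evaluate(rb, shifts, host)
                  for name, (shifts, host) in SESSIONS.items()}
            for opt, rb in OPTIONS.items()}


if __name__ == "__main__":
    for opt, row in compare().items():
        print(f"{opt:14}", "  ".join(f"{s}={v}" for s, v in row.items()))
```

Running it shows option 1 and the URL Filtering variant denying only the netflix session, option 2 denying every session (the initial `web-browsing` lookup already hits the deny rule), and option 3 letting plain browsing through but still killing the podcast and video sessions once they shift to `http-audio` or `http-video`. Real App-ID shift chains differ from the constructed ones here (with TLS in play a session typically starts as `ssl`), so validate against your own traffic logs rather than this model.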