cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

L6 Presenter

If you want a complete block from the start on well-known services, yes block by the Service (aka protocol/port). The application filters can not categorize packets until a sufficient amount of traffic has passed in the session, so packets will continue until the application can be ID'd and rules re-evaluated. The application filters can be handy for ID'ing traffic on non-standard ports (assuming you do not have "application-default" turned on in the service), or traffic which changes after establishing, but they don't automatically assume new port based traffic matches.

View solution in original post

Who rated this post