Hi @reaper and @BPry , Ok that makes absolutly sense, thank you very much. But what happens if i add in every security rule, the desired APPID and the "Parent APPIDs". For example, two seperate security rules with different AppIDs, like 1. pastebin and 2. github, but both have the ssl, web-browsing as depend on (this is only en example, one of them implicity use ssl). If i add ssl and web-browsing in every rule, but with different URL Filters, because i have to restrict in both rules different SubUrlPaths. How is handling this the firewall? Is there an advantage or disadvantage, if i seperate depends on AppIDs in seperate security rules? Because a ruleset should be readable, i think an order is good, if i alway need to search where i allow an AppID, then its difficult to read the ruleset. But i don't know if its a bad idee to build up the ruleset with needed depends on AppIDs first in the rulest and then i go more and more sepcific to the desired AppIDs. The rest of the ruleset is like first rule match, from spesific first to more and more general at the end. Now with AppID is this in my point of view the oppsit and i have to combine both methods. Kind regards Fabio
... View more