Hello, Guys, I have one question. First below is the packet flow from "Packet Flow.pdf" document. According to this document ... In the red square, before PA make session table, it checks packet's ip and port (like the legacy L4 firewall), and then after the session created, it check Content, APP-ID. So I made this rule(URL Block). According to packet flow.pdf, 'URL Block' rule should check packet's ip and port first and then should block those packet. >> Am I right? That means that the packet would never go Contents-ID, and APP-ID process. And URL filtering happens in Content ID process. According to the document ,the session should never be created. But in my lab test, it worked fine as the rule made (It worked like as if I used URL filtering profile. If I use URL filtering profile, the action should be 'allow' in security rule, and 'block that category' in url filtering profile.) I just wondering, then what's the difference between in Security policy and Security Profile URL filtering. And I want to hear your opinion. It would be very appreciated if you point out what's my mis-understading. Thank you very much.
... View more