USG Flex 200 Blocking with Application Patrol blocks everything

thwartedEfforts · June 2022

Hello all. I'm trying to block individual app traffic, but instead all traffic seems to trigger whatever Application Patrol rules I create.

What I'm using via NCC:
Zyxel USG FLEX 200 V5.30(ABUI.0)

Firewall🡒Configure🡒Security service
In the Application Patrol box tap the +Add button
Added an example profile for preconfigured app Twitter, as below

Image: https://us.v-cdn.net/6029482/uploads/editor/os/l6d165ky4bbu.png

Tap the Create then Save to update the config

Firewall🡒Configure🡒Security policy
In the Security policy box tap +Add
Configured the new policy called SF_TWITTER using the profile created in the step above, as below

Image: https://us.v-cdn.net/6029482/uploads/editor/2b/mau5atk4yfg3.png

For Source I'm using lan1_192.168.5.0/24
For Destination I'm using Any
Action left as Allow here so log only
No other rules defined other than implicit allow and deny

Tap the Save button to update the config

My assumption at this point would be that only traffic matching the define app (i.e. Twitter) will trigger the policy rule. What happens is ALL traffic hits it and is logged

Image: https://us.v-cdn.net/6029482/uploads/editor/do/s47knud5obay.png

What am I missing? Thanks in advance.

thwartedEfforts · June 2022

Duplicate thread. Replacement:
https://community.zyxel.com/en/discussion/13577/usg-flex-200-application-patrol-content-filtering-policy

I'm guessing this was held in a moderation queue, but without notification of that fact I assumed it had been deleted. This thread is safe to delete.

USG Flex 200 Blocking with Application Patrol blocks everything

All Replies

Categories

Security Help Center