USG Flex 200 Blocking with Application Patrol blocks everything

thwartedEfforts Posts: 10  Freshman Member
First Anniversary First Comment
edited June 2022 in Security
Hello all. I'm trying to block individual app traffic, but instead all traffic seems to trigger whatever Application Patrol rules I create.

What I'm using via NCC:
Zyxel USG FLEX 200 V5.30(ABUI.0)

Firewall🡒Configure🡒Security service
In the Application Patrol box tap the +Add button
Added an example profile for preconfigured app Twitter, as below

Tap the Create then Save to update the config

Firewall🡒Configure🡒Security policy
In the Security policy box tap +Add
Configured the new policy called SF_TWITTER using the profile created in the step above, as below

For Source I'm using lan1_192.168.5.0/24
For Destination I'm using Any
Action left as Allow here so log only
No other rules defined other than implicit allow and deny

Tap the Save button to update the config

My assumption at this point would be that only traffic matching the define app (i.e. Twitter) will trigger the policy rule. What happens is ALL traffic hits it and is logged

What am I missing? Thanks in advance.

All Replies

Security Highlight