USG FLEX 200: Application Patrol / Content Filtering Policy
thwartedEfforts
Posts: 10 Freshman Member
in Security
I have a FLEX 200 running V5.30(ABUI.0)
Creating the following Twitter app in Firewall🡒Configure🡒Security service
And the following outbound lan policy in Firewall🡒Configure🡒Security policy
My expectation would be that only traffic matching the Twitter app profile definition above would trigger it.
But this is not the case, with any/all traffic triggering the policy
What am I doing wrong? What have I missed? Thanks in advance!
P.S. Second time of creating this message; had a modal JSON error dialog appear after editing a much longer post, then the discovery the post had been deleted
0
All Replies
-
Hi @thwartedEfforts,
The steps a packet goes through in a USG FLEX are illustrated in the diagram. If the traffic matches a UTM feature, then the gateway follows the action configured in the first matched UTM feature to block the traffic. In your example, the traffic needs to pass the security policy rule first. Then the passed traffic will be scanned by App Patrol.
0
-
Thanks for your help.
I've removed the Firewall entry and my single App Patrol test definition remains as below:
The Firewall🡒Configure🡒Security service page has Content filtering enabled and the App Patrol rule for Twitter visible:
However, nothing is logged from the above settings, and Twitter is not being blocked despite the App Patrol profile action rejecting it; this behaviour is the reason I'd originally created the Firewall rule.
I'm a little lost now!
0
-
Hi @thwartedEfforts,
You still need to apply the App Patrol and Content Filter policies to the security policy to make these UTM features work.
Traffic that matches the action (allow), protocol, source, destination, dst. port, user and schedule in the security policy will be allowed and passed through the device. That's why all traffic that passes the security policy is logged in the event logs.
- If the traffic is blocked by a security policy rule, then it is blocked at the firewall and will not enter the UTM engine for further checks.
- If the traffic is allowed by a security policy rule, then the traffic enters the device and then enters the UTM engine for the App Patrol/Content Filter check, if you apply App Patrol/Content Filter policies to this security policy rule.
0
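The evaluation order described in the replies above, as a simplified Python model. This is an added example, not part of the thread and not Zyxel's implementation; the rule and zone names, the `app` field standing in for the classifier's result, and the default-deny fallthrough are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Flow:
    src_zone: str
    dst_zone: str
    app: str  # application the classifier identified (assumed field)

@dataclass
class AppPatrolProfile:
    name: str
    blocked_apps: set  # applications whose profile action is "reject"

@dataclass
class SecurityPolicy:
    name: str
    src_zone: str
    dst_zone: str
    action: str                                    # "allow" or "deny"
    app_patrol: Optional[AppPatrolProfile] = None  # UTM profile applied to this rule

    def matches(self, flow):
        # The attached profile is not a match criterion: only the rule's own
        # fields (reduced to zones here) decide whether the rule triggers.
        return (self.src_zone, self.dst_zone) == (flow.src_zone, flow.dst_zone)

def evaluate(policies, flow):
    """Return (verdict, log_events) for one flow; the first matching rule wins."""
    for rule in policies:
        if not rule.matches(flow):
            continue
        events = [f"security-policy:{rule.name}:{rule.action}"]
        if rule.action == "deny":
            return "blocked-by-firewall", events   # never reaches the UTM engine
        prof = rule.app_patrol
        if prof and flow.app in prof.blocked_apps:
            events.append(f"app-patrol:{prof.name}:reject")
            return "blocked-by-app-patrol", events
        return "forwarded", events
    return "blocked-by-firewall", ["security-policy:default:deny"]  # assumed default

# Constructed sample configuration (hypothetical names).
TWITTER = AppPatrolProfile("Twitter", {"twitter"})
WITH_PROFILE = [SecurityPolicy("LAN_Outgoing", "LAN", "WAN", "allow", TWITTER)]
WITHOUT_PROFILE = [SecurityPolicy("LAN_Outgoing", "LAN", "WAN", "allow")]
```

With the profile applied, every LAN-to-WAN flow produces a security-policy log entry but only the Twitter flow is rejected; with the profile defined but not applied to any rule, the Twitter flow is forwarded.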