ATP100 - Security Policy in Nebula

FabrizioF
FabrizioF Posts: 6
Friend Collector
in Security
Hi , I need a VLAN to block all internet traffic except Microsoft OneDrive on Android tablets and Windows apps

I've done a thousand tests with the Security policies, but it doesn't seem to work.

Has anyone personally tested this setup?
Do you have screenshots of the working configuration?
Thanks in advance

Fabrizio F.

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,259  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @FabrizioF

    Currently, we don’t support this scenario. The App Patrol profile can only support reject action, it doesn’t support only allow some specific apps that can be passed on a firewall rule.



    Untitled Image

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    Zyxel_Jeff said:
     The App Patrol profile can only support reject action, it doesn’t support only allow some specific apps that can be passed on a firewall rule.


    OUCH! What a giant feature hole!
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,259  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Thanks for your feedback and comment. We would consider transferring this request to our feature queue for our future development evaluation. Thanks.


    Untitled Image

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • FabrizioF
    FabrizioF Posts: 6
    Friend Collector

    in the end I "solved" by blocking everything as much as possible, Looking at the logs I then unblocked the sites required by the OneDrive app ... at the moment it seems to work, fingers crossed
  • FabrizioF
    FabrizioF Posts: 6
    Friend Collector
    Zyxel_Jeff said:

    Hi @FabrizioF

    Currently, we don’t support this scenario. The App Patrol profile can only support reject action, it doesn’t support only allow some specific apps that can be passed on a firewall rule.


    however I seem to have understood that in on-premises mode, it is possible to change this parameter instead ...
    it is a bug / limitation of Nebula mode
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,259  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    FabrizioF said:
    Zyxel_Jeff said:

    Hi @FabrizioF

    Currently, we don’t support this scenario. The App Patrol profile can only support reject action, it doesn’t support only allow some specific apps that can be passed on a firewall rule.


    however I seem to have understood that in on-premises mode, it is possible to change this parameter instead ...
    it is a bug / limitation of Nebula mode
    Hi @FabrizioF  Thank you for your feedback. Currently, it's our design on the Nebula mode, we will put your feedback and comments for our future development evaluation. Thanks again!


    Untitled Image

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)