App Patrol allowing Specific hosts on Blocked Applications

dpipro
edited March 24 in Security

Hello,

We are currently configuring a ZyWALL FLEX100 and need help implementing a policy with the following requirements:

  • Block access to all hosts:
    • Movies and TV series platforms
    • Online games
    • YouTube
    • Social media (except for host1 - IP 192.168.1.21)
    • Online radio, TV and Spotify (except for host2 - IP 192.168.1.22)
    • WhatsApp (except for host3 - IP 192.168.1.23)

We are using Application Patrol, which works well for blocking traffic. However, we are struggling to configure exceptions per host. It seems that Application Patrol allows only blocking applications, not allowing them selectively.

How can we implement per-host exceptions for specific applications (e.g., allow WhatsApp or Spotify for only certain hosts while blocking it for others)? All hosts are identified via static IPs or DHCP reservations.

Any suggestions or examples on how to approach this would be greatly appreciated.

Thanks in advance!

Best regards

Accepted Solution

  • Zyxel_Judy
    Zyxel_Judy Posts: 2,159  Zyxel Employee
    Answer ✓

    Hi @dpipro ,

    Example: App Patrol with WhatsApp (excluding IP 192.168.1.23)

    Create a new entry that includes WhatsApp.

    image.png

    Add an allow security policy for the entry.

    image.png

    Details of the allow security policy are as below. Note: Before creating the allow security policy for WhatsApp, add an Address Object for 192.168.1.23 (Source).

    image.png
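
A small model of the rule layout in the accepted answer, added here as an illustration (it is not Zyxel code or CLI and not part of the original post). It assumes security policies are evaluated top-down with the first match deciding, that unmatched traffic is allowed, and that the LAN is 192.168.1.0/24; rule names, application labels and the `shadowed_exceptions` check are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    name: str          # constructed rule name
    source: str        # source Address Object as CIDR
    apps: frozenset    # applications in the attached App Patrol profile
    action: str        # "allow" or "deny"

def evaluate(policies, src, app, default="allow"):
    # Assumption: rules are checked top-down and the first match decides.
    for p in policies:
        if ip_address(src) in ip_network(p.source) and app in p.apps:
            return p.action, p.name
    return default, "default"

def shadowed_exceptions(policies):
    # Allow rules that can never fire: an earlier deny rule already covers
    # the same source and every application in the allow rule's profile.
    shadowed = []
    for i, rule in enumerate(policies):
        if rule.action != "allow":
            continue
        for earlier in policies[:i]:
            if (earlier.action == "deny"
                    and ip_network(rule.source).subnet_of(ip_network(earlier.source))
                    and rule.apps <= earlier.apps):
                shadowed.append(rule.name)
                break
    return shadowed

# Constructed rule sets using the hosts from the question (LAN subnet assumed).
BLOCK = Policy("block-apps-lan", "192.168.1.0/24",
               frozenset({"whatsapp", "spotify", "youtube"}), "deny")
HOST2 = Policy("allow-spotify-host2", "192.168.1.22/32", frozenset({"spotify"}), "allow")
HOST3 = Policy("allow-whatsapp-host3", "192.168.1.23/32", frozenset({"whatsapp"}), "allow")
GOOD = [HOST3, HOST2, BLOCK]   # exceptions above the block rule
BAD = [BLOCK, HOST3, HOST2]    # exceptions below it: never reached

if __name__ == "__main__":
    for label, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, evaluate(rules, "192.168.1.23", "whatsapp"),
              evaluate(rules, "192.168.1.21", "whatsapp"),
              "shadowed:", shadowed_exceptions(rules))
```

Running the same check over an exported rule list after each policy change catches an exception that has drifted below the block rule before users report it.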
