Allowing Specific Hosts to Access Blocked Applications Using Application Patrol

Zyxel_Judy · April 15

Overview

This guide explains how to configure Application Patrol on a Zyxel firewall (such as ATP 500) to block applications for all network users while allowing access for specific IP addresses.

Scenario

You want to restrict access to certain application categories (such as YouTube) for all users on your network except for specific devices (such as 192.168.2.34).

Configuration

Part 1: Allow a Specific Host to Access YouTube

Create a Security Policy for the YouTube Allow Profile
- Navigate to Configuration > Security Policy > Policy Control
- Click Add, then Create New Object, and choose Address

Enter the Name, Address Type, IP Address, and click OK

Configure the Policy rule as required and click OK

Click Appy

2. Create an App Patrol Profile to Allow YouTube

Go to Configuration > Security Service > App Patrol and click Add
Enter a descriptive profile name
Search for "YouTube" in the Search Application(s) by Name field
In the Query Result, select the checkbox and click Add To My Application

In My Application, set Action to "forward" and Log to "log"
Click Save & Exit to save your changes

3/ Apply the profile to a traffic flow in a security policy.

When prompted after clicking Save & Exit, click Yes to open the "Apply Profile to a security policy" screen

Select Allow_YT_Host_P from the list.
Click OK to save your changes

Part 2: Block YouTube for All Other Hosts

Create an App Patrol Profile to Block YouTube
- Go to Configuration > Security Service > App Patrol and click Add
- Enter a descriptive profile name
- Search for "YouTube" in the Search Application(s) by Name field
- In the Query Result, select the checkbox and click Add To My Application