Priority of Security Policy and Application Patrol?

Zyxel_Judy Posts: 2,159  Zyxel Employee

Application Patrol allows administrators to create profiles containing the applications that need to be blocked. These application profiles are assigned to security policies in order to match traffic criteria.


Both actions are in effect; however, the Security Policy action takes precedence over the Application Patrol action. The following examples illustrate this priority relationship:

Example 1

Configuration

  • Application Patrol "App-Profile-01" is set to Drop applications in the Game category
  • "App-Profile-01" is assigned to a security policy that Allows traffic from 192.168.1.0/24 to Any

Result

A client at 192.168.1.33 cannot access Game applications but can still connect to YouTube and other Audio/Video category applications.

Example 2

Configuration

  • Application Patrol "App-Profile-01" is set to Allow applications in the Game category
  • "App-Profile-01" is assigned to a security policy that Drops traffic from 192.168.1.0/24 to Any

Result
A client at 192.168.1.33 cannot access Game applications or YouTube and other Audio/Video category applications…, as the security policy's Drop action takes precedence.
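
The precedence shown in the two examples can be modelled and used to audit a rule set for Application Patrol entries that never take effect. This is an added example, not Zyxel code: the dictionary layout, `verdict` and `audit` are hypothetical names, and the sample policies are constructed from Example 1 and Example 2.

```python
import ipaddress

# Constructed sample data modelled on the two examples above; the dict layout
# is hypothetical and is not Zyxel's configuration format.
PROFILE_DROP_GAME = {"name": "App-Profile-01", "actions": {"Game": "drop"}}
PROFILE_ALLOW_GAME = {"name": "App-Profile-01", "actions": {"Game": "allow"}}

EXAMPLE_1 = {"name": "Example 1", "src": "192.168.1.0/24", "action": "allow",
             "app_profile": PROFILE_DROP_GAME}
EXAMPLE_2 = {"name": "Example 2", "src": "192.168.1.0/24", "action": "drop",
             "app_profile": PROFILE_ALLOW_GAME}


def verdict(policy, src_ip, app_category):
    """Effective action for one flow, or None if the policy does not match."""
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(policy["src"]):
        return None
    # The security policy action is evaluated first and takes precedence.
    if policy["action"] == "drop":
        return "drop"
    # Policy allows: the profile can still drop individual categories.
    profile = policy.get("app_profile") or {"actions": {}}
    return profile["actions"].get(app_category, "allow")


def audit(policies):
    """Flag profile entries that can never take effect (the Example 2 case)."""
    findings = []
    for p in policies:
        profile = p.get("app_profile")
        if p["action"] == "drop" and profile:
            for category, action in sorted(profile["actions"].items()):
                if action == "allow":
                    findings.append(f'{p["name"]}: {profile["name"]} allows '
                                    f'{category}, but the policy drops all matching traffic')
    return findings


if __name__ == "__main__":
    for pol in (EXAMPLE_1, EXAMPLE_2):
        for cat in ("Game", "Audio/Video"):
            print(pol["name"], cat, verdict(pol, "192.168.1.33", cat))
    print(audit([EXAMPLE_1, EXAMPLE_2]))
```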