uOS v1.32 Adds Implicit Deny for Application Patrol
Zyxel Employee
With uOS version 1.32, Zyxel introduces a much-anticipated update to the Application Patrol feature - the ability to enforce implicit deny rules. This enhancement offers network administrators a more secure and controlled application filtering environment by explicitly denying all unspecified traffic when a policy is applied.
What is Application Patrol?
Application Patrol enables administrators to monitor or block specific applications by category.
To enforce these rules, admins must create an Application Patrol Profile and bind it to a Security Policy. The firewall evaluates traffic based on the security policy first. If traffic is allowed, it proceeds to Application Patrol for further inspection.
Default Behavior (Pre-v1.32)
Previously, Application Patrol operated with an implicit allow logic:
- Only applications explicitly defined in the patrol profile were evaluated.
- Any undefined or unclassified traffic was implicitly allowed unless blocked by other policies.
Example: If only the “Games” category is dropped, all other apps — including YouTube or Zoom — are allowed by default.
What's New in v1.32: Implicit Deny Method
The latest update gives admins the option to invert the logic:
- Any application not explicitly allowed in the profile is automatically denied.
- Known as “Implicit Deny”, this mode helps enforce a stricter “zero-trust” application access model.
How It Works
- Go to:Security Service → Application Patrol → Create/Edit Profile
- Toggle the setting: Allow only selected apps (with allowed actions)
- Define the specific applications or categories you want to allow.
- Apply the profile to the desired security policy rule.
Example: You allow only “Business” apps — Zoom and Microsoft Teams. Any application not listed (e.g., TikTok, YouTube) is blocked, even if it’s not explicitly mentioned.
Reject Unrecognized Applications
In addition to implicit deny, another setting allows the firewall to handle unrecognized traffic:
- Enable “Reject Unrecognized Applications” to block applications that cannot be categorized.
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 165 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 364 USG FLEX H Series
- 292 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 262 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight