USG FLEX 200: Application Patrol / Content Filtering Policy
thwartedEfforts
Posts: 9
in Security
I have a FLEX 200 running V5.30(ABUI.0).
Creating the following Twitter app in Firewall🡒Configure🡒Security service

And the following outbound lan policy in Firewall🡒Configure🡒Security policy

My expectation would be that only traffic matching the Twitter app profile definition above would trigger it.
But this is not the case, with any/all traffic triggering the policy.

What am I doing wrong? What have I missed? Thanks in advance!
P.S. Second time of creating this message; had a modal JSON error dialog appear after editing a much longer post, then the discovery the post had been deleted
0
All Replies
-
Hi @thwartedEfforts,
The steps a packet goes through in a USG FLEX are illustrated in the diagram. If the traffic matches a UTM feature, then the gateway follows the action configured in the first matched UTM feature to block the traffic. In your example, the traffic needs to pass the security policy rule first. Then the passed traffic will be scanned by App Patrol.

Click this link to start: https://bit.ly/3R2Wx52
Emily
Thanks for your help.
I've removed the Firewall entry and my single App Patrol test definition remains as below:
The Firewall🡒Configure🡒Security service page has Content filtering enabled and the App Patrol rule for Twitter visible:
However, nothing is logged from the above settings, and Twitter is not being blocked despite the App Patrol profile action rejecting it; this behaviour is the reason I'd originally created the Firewall rule.
I'm a little lost now!
Hi @thwartedEfforts,
You still need to apply App Patrol and Content Filter policy to security policy to make these UTM features work.
The traffic that matches the action (allow), protocol, source, destination, dst. port, user and schedule in the security policy will be allowed and passed through the device. That's why all traffic that passes the security policy is logged in the event logs.
- If the traffic is blocked by security policy rule, then it is blocked at the firewall and will not enter UTM engine for further check.
- If the traffic is allowed by security policy rule, then the traffic enters the device and then enters UTM engine for App Patrol/Content Filter check if you apply App Patrol/Content Filter policies to this security policy rule.
Emily
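
A simplified Python model of the evaluation order described in the replies above, added here as an example (it is not Zyxel's code and not part of any post). The rule names, zone names, app labels, first-match ordering and the implicit default deny are assumptions for illustration.

```python
# Simplified model of the evaluation order described in the replies above.
# Not Zyxel firmware logic: rule fields, app labels and the default action are constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass
class AppPatrolProfile:
    name: str
    rejected_apps: frozenset  # application labels the profile rejects

@dataclass
class SecurityPolicy:
    name: str
    src_zone: str
    dst_zone: str
    action: str                                    # "allow" or "deny"
    app_patrol: Optional[AppPatrolProfile] = None  # profile attached to this rule

def evaluate(policies, flow):
    """Return (verdict, decided_by) for a flow dict with src_zone, dst_zone, app."""
    for rule in policies:  # assumption: first matching rule wins
        if (rule.src_zone, rule.dst_zone) != (flow["src_zone"], flow["dst_zone"]):
            continue
        if rule.action == "deny":
            # Blocked at the firewall; the UTM engine never sees the flow.
            return ("blocked", f"security policy {rule.name}")
        # Allowed: App Patrol runs only if a profile is attached to this rule.
        prof = rule.app_patrol
        if prof and flow["app"] in prof.rejected_apps:
            return ("blocked", f"App Patrol {prof.name}")
        return ("passed", f"security policy {rule.name}")
    return ("blocked", "default rule")  # assumption: implicit default deny

twitter = AppPatrolProfile("Twitter", frozenset({"twitter"}))
tweet = {"src_zone": "LAN", "dst_zone": "WAN", "app": "twitter"}
other = {"src_zone": "LAN", "dst_zone": "WAN", "app": "dns"}

# Profile exists but is attached to no rule: Twitter passes, App Patrol logs nothing.
unattached = [SecurityPolicy("LAN_Outgoing", "LAN", "WAN", "allow")]
# Same allow rule with the profile attached: only Twitter is rejected.
attached = [SecurityPolicy("LAN_Outgoing", "LAN", "WAN", "allow", twitter)]
# A deny rule blocks everything at the firewall, before App Patrol.
deny_all = [SecurityPolicy("Block_Out", "LAN", "WAN", "deny", twitter)]

if __name__ == "__main__":
    for label, pol in (("unattached", unattached), ("attached", attached), ("deny", deny_all)):
        print(label, evaluate(pol, tweet), evaluate(pol, other))
```
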
Zyxel Employee