Why are my Application Control pass rules not taking effect?

Application Control has two tabs available to block applications, the Applications tab and the Rules tab.  The Applications tab entries require around 10 packets to recognize the signature of the application.  Once this signature is recognized, the appropriate action is taken, such as blocking the traffic.  The Rules tab's custom entries, however, take around 15 packets to recognize the application signature.  At this point, if the application is blocked by an entry in the Applications tab, the Rules tab will not receive the required 15 packets to recognize the app and take the appropriate action.

Creating pass rules in the Rules tab is intended only for passing traffic that would otherwise be blocked by a subsequent custom rule in the Rules tab.  Keep in mind, those rules are read from the top down until a match is made, then the rules are no longer read. 

 

As an example to illustrate how this would be set up, suppose you have a rule blocking Youtube to the 192.168.1.1/24 subnet. 

BlockYoutubeRule.jpg

Now you have one user at 192.168.1.20 that you would like to pass Youtube for.  Create a pass rule and place it above the Youtube block rule. 

AllowYoutubeRule.jpg

The final result in the Rules tab would look something like this:

YoutubeRules.jpg

 

 

Follow
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk