https://community.checkpoint.com/t5/General-Topics/Application-amp-URL-Filtering-Blade-Rule-Ordering/m-p/138696#M24689 <P>I am trying to incorporate Application &amp; URL Filtering blade in my R80.40 Gateways.. currently all filtering happens in Proxy.</P><P>My query is if i create a deny deny any rule at the bottom of the Application Policy .. do i need to create all "Accept" rules at the top which should be in line with my Proxy whitelisting ?</P><P>As i understand the order is it will first go for port filtering in ACL then it comes to Application Policy for content filtering ..so even though content filtering is allowed in proxy it wont work until i create respective allow rules in Application Policy.&nbsp;</P> Tue, 18 Jan 2022 06:54:18 GMT LostBoY 2022-01-18T06:54:18Z https://community.checkpoint.com/t5/General-Topics/Application-amp-URL-Filtering-Blade-Rule-Ordering/m-p/138696#M24689 <P>I am trying to incorporate Application &amp; URL Filtering blade in my R80.40 Gateways.. currently all filtering happens in Proxy.</P><P>My query is if i create a deny deny any rule at the bottom of the Application Policy .. do i need to create all "Accept" rules at the top which should be in line with my Proxy whitelisting ?</P><P>As i understand the order is it will first go for port filtering in ACL then it comes to Application Policy for content filtering ..so even though content filtering is allowed in proxy it wont work until i create respective allow rules in Application Policy.&nbsp;</P> Tue, 18 Jan 2022 06:54:18 GMT https://community.checkpoint.com/t5/General-Topics/Application-amp-URL-Filtering-Blade-Rule-Ordering/m-p/138696#M24689 LostBoY 2022-01-18T06:54:18Z https://community.checkpoint.com/t5/General-Topics/Application-amp-URL-Filtering-Blade-Rule-Ordering/m-p/138731#M24692 <P>You should not create a CleanUp rule here but a pass all rule, any any allow ! See&nbsp;<A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk73220&amp;partition=Advanced&amp;product=Application" target="_blank">sk73220: ATRG: <STRONG>Application</STRONG> Control</A>&nbsp;and r<SPAN>efer to the "Rule Matching in the Access Control Policy"&nbsp;section in the&nbsp;</SPAN><A href="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_NexGenSecurityGateway_Guide/html_frameset.htm" target="_blank" rel="noopener">Next Generation Security Gateway R80.10 Guide</A>&nbsp;or higher<SPAN>.</SPAN></P> Tue, 18 Jan 2022 10:57:32 GMT https://community.checkpoint.com/t5/General-Topics/Application-amp-URL-Filtering-Blade-Rule-Ordering/m-p/138731#M24692 G_W_Albrecht 2022-01-18T10:57:32Z