cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

App & URL Filtering Behavior

Hi Guys,

I deployed a CP firewall running R80.10 and I am using App & URL Filtering however, I noticed an abnormal behavior.

For example, I have a policy for Symantec Updates so my policy looks like the following below,

Source: Internal Subnet

Destination: Any

Service & Application: Symantec-Updates

Action: Permit

When I check the logs for the particular rule, I noticed some traffic which supposed to be not there like going to other site not related to Symantec.

I would like to know why is like that, is that normal or my rule is not correct?

Thanks

4 Replies
Admin
Admin

Re: App & URL Filtering Behavior

First, I'd set the destination to "Internet" as opposed to any (unless some of the traffic is destined internally).

It also could be a false positive, in which case the TAC will need to investigate.

0 Kudos

Re: App & URL Filtering Behavior

Hi Dameon Welch-Abernathy‌, 

thanks for the feedback. Technically, "Internet" and "Any" should be the same right?

0 Kudos

Re: App & URL Filtering Behavior

I find this thread especially educating on what is Internet when it comes to firewalls:

 

0 Kudos
Admin
Admin

Re: App & URL Filtering Behavior

Any literally means anything, including the Internet.

Internet does not include your internal networks.

0 Kudos