For some reason I need to block the latest Chrome update as it breaks a legacy application.
The setup is as follows (everything runs R80.40 Take 89):
Internal FW with all blades & HTTPS Inspection ---> External FW which accepts everything coming in from Internal and does public NAT.
In the URLF/APPI policy of Internal, a policy is declared that all LAN connections to "Google Chrome-update" Application are blocked.
I see blocked traffic in that rule on Internal, but then I see Accept traffic in External FW blade and the update works.
Am I missing something?