how does Application Filtering work in concert with URL-Filtering? Say you have an application filtering rule that allows certain Facebook functions and blocks others, while at the same time you have a URL-Filter rule that blocks Social Media sites. That rule would completely block Facebook.
I figure it all depends on rule placement.
How does it work? What's best practice?
At the moment, application controls are only designed for blocking applications.
They are not designed for allowing applications -- be it as a whole or a specific subset.
So your scenario will not work, where you attempt to allow facebook with application control, and then are blocking Social networking.
I just opened a support case regarding this type of issue. Is this on the roadmap? Having an application definition that is only useful for blocking is difficult. I guess it is always easier to break something, then make it work.
Regarding Facebook specifically, the akamai content domains are not included. Regarding main applications I can't imagine a whole lot of change to those definitions. They have their domain(s) + TLD and they pretty much stay the same. Content sites for them may change more often, but has McAfee even attempted to see how much work it is?
You are correct in that it is easier to break something that to make it work.
I am not certain of how much work it is. PM (Product management) would probably have a better idea of what research went into that.
I am really wondering where McAfee is headed with this. If I compare this to other vendor's solutions (namely Palo Alto Networks), then McAfee doesn't even come close. No offense, but it looks more like a "we have it too" feature than something that has really been thought through. Are there any PMs on this forum who could give us some food?