3 Replies Latest reply on Jul 31, 2012 11:23 AM by mtuma

    Aplication group deny rule



      We have 3 rules defined  for http and https traffic, with the active AV based on the GTI.

      Now we want to include a new rule to deny a group of applications (named AplicacionesAccesoDenegado). We have defined it in Applications -> Groups.

      But, trying to enable the rule, it displays an error indicating that the defense application should be equal to that I have defined in the rest of the rules. (Screenshot attached)

      Can anybody tell us something about this?

      What are we doing wrongly?

      Thanks in advance.

        • 1. Re: Aplication group deny rule

          What happens when you select application defense "GrupoEJIESimple" for the rule "Aplicaciones Acceso Denegado" and save?


          What applications are inside the group "Aplicaciones Deny"?


          The fundamental problem is that in order for the Firewall to identify the application, it has to leak some of the data first. In order for it to leak this data, it has to know what Application Defense and NAT settings to use. Any rules that have applications with a parent/child relationship need to have the same Application Defenses and NAT.



          • 2. Re: Aplication group deny rule

            Hi Matt,

            If I select "GrupoEJIESimple" for "Aplicaciones Acceso Denegado" it displays a new error mesage saying "The rules Aplicaciones Acceso Denegado and NavegacionConEscaneoRestrictivo--Todo have applications (asproxy, http) that require identical appdefense setings"

            Inside the group "Aplicaciones Deny"  are all those wich are categorized as "anonymizers proxies"

            • 3. Re: Aplication group deny rule

              Ok. At this point I think you need to open a ticket with support.