What happens when you select application defense "GrupoEJIESimple" for the rule "Aplicaciones Acceso Denegado" and save?
What applications are inside the group "Aplicaciones Deny"?
The fundamental problem is that in order for the Firewall to identify the application, it has to leak some of the data first. In order for it to leak this data, it has to know what Application Defense and NAT settings to use. Any rules that have applications with a parent/child relationship need to have the same Application Defenses and NAT.
If I select "GrupoEJIESimple" for "Aplicaciones Acceso Denegado" it displays a new error mesage saying "The rules Aplicaciones Acceso Denegado and NavegacionConEscaneoRestrictivo--Todo have applications (asproxy, http) that require identical appdefense setings"
Inside the group "Aplicaciones Deny" are all those wich are categorized as "anonymizers proxies"
Ok. At this point I think you need to open a ticket with support.