App Control Advanced: Exclusion Logic
04/22/2020
Often, an App Control application or signature exclusion does not work as configured.
The firewall evaluates exclusions as follows: if a category is blocked completely, it skips checking the exclusion/inclusion lists of the applications in that category. Similarly, if an application is blocked completely, it skips checking the exclusion/inclusion lists of the signatures under that application.
Let's take the example of the 'Multimedia' category, which has been blocked completely through App Control Advanced, while we still need access to the YouTube website.
If we go directly to the YouTube application and configure it with an exclusion list, the exclusion list is never applied: the block is set at the category level, so the firewall does not check the exclusion lists of the individual applications.
To meet this kind of requirement, the logic has to be reversed.
Let's take the same example, where the Multimedia category is still blocked and YouTube needs to be allowed.
Instead of configuring the exclusion list, we configure the reverse logic and use the inclusion list on the application. The firewall now checks the application's exclusion/inclusion list, because block has been disabled for the application, which differs from the setting at its parent category level.
NOTE: The same logic applies at the signature level if a specific signature needs to be excluded while its parent application stays blocked.
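The evaluation order described above, and the signature-level case from the note, can be checked with a small model. This is an added example, not SonicWall code: the `Node` class, the `inherit` setting, the treatment of list entries as source networks and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Node:
    """One level of the category -> application -> signature tree (hypothetical model)."""
    name: str
    block: str = "inherit"                         # "enable", "disable" or "inherit"
    included: list = field(default_factory=list)   # assumed: source networks the setting covers
    excluded: list = field(default_factory=list)   # assumed: source networks exempt from it
    parent: "Node | None" = None

def effective_block(node):
    """Block setting in force at a node once inheritance is resolved."""
    if node is None:
        return "disable"                           # nothing above the category blocks
    return node.block if node.block != "inherit" else effective_block(node.parent)

def in_nets(src, nets):
    return any(ip_address(src) in ip_network(n) for n in nets)

def is_blocked(node, src):
    """Walk from the most specific node upward. A node's lists are read only
    when its block setting differs from its parent's, as the article states."""
    while node is not None:
        if node.block not in ("inherit", effective_block(node.parent)):
            covered = not node.included or in_nets(src, node.included)
            if covered and not in_nets(src, node.excluded):
                return node.block == "enable"
        node = node.parent
    return False

# Constructed sample data (documentation address range, not from the article).
ALLOWED = ["192.0.2.0/28"]
multimedia = Node("Multimedia", block="enable")

# Config that fails: application still blocked like its category, exclusion list set.
youtube_excl = Node("YouTube", block="enable", excluded=ALLOWED, parent=multimedia)
# Reverse logic: block disabled on the application, inclusion list set.
youtube_incl = Node("YouTube", block="disable", included=ALLOWED, parent=multimedia)
```

In this model `is_blocked(youtube_excl, "192.0.2.5")` is still blocked because the application's list is never read, while `youtube_incl` lets the included range through and leaves every other source under the category block.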