What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

Dump/NSE4-EFW

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

chgook 2023. 3. 8. 00:39

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

A. It limits the scanning of application traffic to the browser-based technology category only.
B. It limits the scanning of application traffic to the DNS protocol only.
C. It limits the scanning of application traffic to use parent signatures only.
D. It limits the scanning of application traffic to the application category only.

Answer :

When using a URL list and application control on the same firewall policy in NGFW policy-based mode, the scanning of application traffic is limited to the application category only. This is because the firewall will first match the URL list, and if a match is found, the application control inspection will be skipped. As a result, only the application category will be scanned, and any traffic that doesn't fall under that category will be allowed through without inspection.

Therefore, it is important to carefully consider the order of policies when using both URL lists and application control in the same firewall policy. To ensure comprehensive inspection of all traffic, it is recommended to create separate policies for URL filtering and application control, rather than combining them into a single policy.

Answer : D