Ok unless I am missing something, you:
Create an Application Filter, set it to Block. But in the GUI overview it shows default action is Allow. You have to edit the policy to see it's set to block. Poor design and visually confusing.
Create a Firewall Filter, set it to Allow and choose the Application Filter that is set to Block. Poor design and visually confusing.
Logging is even worse, with Firewall Logs showing the rule as allowed (which technically it is), but then you have to view the Application Filter logs to see the actual block. Audit nightmare.
Is this really the way? I've never seen a policy and logging engine this badly implemented.
This thread was automatically locked due to age.