Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 39 subscribers
  • Views 6102 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I block unidentified apps?

Chibana

I would like to have a rule that comes before my general outbound Internet access rule that blocks all traffic on unrecognized applications.  Is there some way to do this?  In the firewall I'm moving from, there are applications or unknown-tcp and unknown-udp, and you can use those in policy.  I don't see a way to do this in Sophos XG.  I was hoping I could use a negate:  create a rule with all known apps, negate them, and set the action to reject, but I don't see how to do that, either.



This thread was automatically locked due to age.
  • 0

    Hmm, right after posting this, I think I may have answered my own question.  I suppose I could create a rule that allows all of the apps in the list, and anything that doesn't fall into that list will by default get blocked.  I like the explicit block rule at the top of the rule list, but this should work.

Unfiltered HTML