Application Denial Policies

For instructions on configuring Application Denial Policies, see Creating an Application Denial Policy.

This option allows the administrator to deny application access by blocking any HTTP host name (FQDN - Fully Qualified Domain Name) or L4 port. Using application denial policies, administrators can block specific applications if they are seen to be consuming excessive network resources, or enforce network usage policies such as blocking social media sites.

The following usage guidelines need to be taken into consideration when defining Application Denial Policies:
Note: Many global organizations have both a ".com" suffix and country-specific suffixes such as ".co.uk", ".fr", ".au", etc. To block access to, for example, the host web server on all of an organization's region-specific websites, a rule like "www.corporate" could be used.
Note: Many global organizations use distributed content delivery networks such as Akamai. In such cases, creating a rule such as "www.corporate.com" may not prevent access to the entire site. Further investigation of the content network's behavior may be needed to fully prevent access.
Note: When using port-based rules, there is no distinction between the TCP and UDP protocols, so care should be taken if wishing to block a specific application port, as this will apply to both IP protocols and may inadvertently block another application using the other protocol.
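
As an added example (not from the product documentation), the following pre-deployment check runs a proposed rule list against an inventory of flows to surface the three pitfalls in the notes above: a partial host rule catching an unrelated site, CDN-hosted content escaping a host rule, and a port rule blocking the other transport protocol. It assumes a host rule matches as a case-insensitive substring of the HTTP host name, which is how the "www.corporate" note reads, and that a purely numeric rule is a port; all rules, host names and flows are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    name: str
    host: Optional[str]  # HTTP host name, None for non-HTTP traffic
    proto: str           # "tcp" or "udp"
    port: int
    wanted: bool         # True: must keep working; False: meant to be blocked

def rule_hits(rule: str, flow: Flow) -> bool:
    # ASSUMED semantics: a numeric rule is an L4 port and ignores the protocol;
    # any other rule is a case-insensitive substring of the HTTP host name.
    if rule.isdigit():
        return int(rule) == flow.port
    return flow.host is not None and rule.lower() in flow.host.lower()

def audit(rules, flows):
    """Return (kind, flow name, matching rules) for every policy surprise."""
    findings = []
    for f in flows:
        hits = [r for r in rules if rule_hits(r, f)]
        if f.wanted and hits:
            findings.append(("collateral", f.name, hits))
        elif not f.wanted and not hits:
            findings.append(("missed", f.name, []))
    return findings

# Constructed sample policy and traffic inventory.
RULES = ["www.corporate", "4500"]
FLOWS = [
    Flow("corporate .com site", "www.corporate.com", "tcp", 80, False),
    Flow("corporate .co.uk site", "www.corporate.co.uk", "tcp", 80, False),
    Flow("corporate CDN assets", "corporate.cdn.example.net", "tcp", 80, False),
    Flow("unrelated travel site", "www.corporate-travel.example", "tcp", 80, True),
    Flow("app to block", None, "tcp", 4500, False),
    Flow("IPsec NAT-T VPN", None, "udp", 4500, True),
]

if __name__ == "__main__":
    for kind, name, hits in audit(RULES, FLOWS):
        print(f"{kind:10} {name:24} {', '.join(hits) or '-'}")
```

A "collateral" finding means a flow that must keep working would be denied; a "missed" finding means traffic intended to be blocked matches no rule.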