Hi there,

I am currently restricting certain IoT devices. For that reason, I've named and flagged those accordingly in the Device manager. Now my questions related to application control:

1) From a security point of view, do you think it makes sense to block applications without assigned category (only for the IoT devices)?
2) In my configuration,
  • I've blocked certain categories in "Applications" tab
  • I am using rules to block port 80 and 443 traffic not being HTTP respectively SSL first
  • then rules that allow Port 80 and 443 in general (as it is handled by the Webfilter)
  • next, I want to block uncatecorized applications other ports than 80/443: devices flagged with "restricted" and not having an entry in category. However, "Category not *"as per description of the global matcher condition doesn't work. Also not blocking "confidence = 0".

Anyone tried to apply something similar?

Thanks a lot!