Deep Packet Inspection (DPI) filtering, also called Layer 7 filtering, can block access to Applications and drop or reject SSH, NTP, or gaming traffic. DPI filtering should be used in addition to Web Filter Policies that only filter HTTPS and HTTP traffic.
Create a Firewall rule for one or more Applications:
- Don’t Include anything for the Source IP addresses, Destination IP addresses, Services and Groups sections.
- For Inbound Interfaces, select All internal interfaces and select Add.
- For Outbound Interfaces, select All external interfaces and select Add.
- For Applications (Apps) you can see a list of Application Themes or select the + icon to see individual Applications within that Application Theme. Select the checkboxes next to any combination of Themes or Applications.
Important
If you only see File Transfer and Networking in the list, you aren’t licensed for Layer 7 Application Control. You can’t manage this from the Licenses or Modules pages, so contact your CSM.
- Set the Action to Drop or Reject.