Application filter keeps getting overwritten

Hello.  After importing some firewall rules from another XGS3300 running 19.5.0 over the weekend, each morning I'm coming in to find that we can't access the internet. When I check the application filter for "Block high risk (Risk Level 4 and 5) apps", which is the filter we are using for our web filtering firewall rule, all that's there is "All Applications".

I've fixed 2 days in a row by importing that filter set from the other firewall but I need a way to stop that filter from getting overridden.

  

   



  • Hi.

    I would suggest you build a local copy of the policy because the imported version appears to have issues. I would also suggest you raise a support case to investigate why the imported version is failing.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Hello,

    Thank you for reaching out to the community. If you have applied both, i.e. web filtering and application filtering, in the FW rules, then according to the architect the application filtering has a higher precedence. So, for example: if some site or app is blocked in application filtering and allowed in web filtering, then that site/app will be blocked, as the application filtering has the higher precedence.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS

  • You're welcome, cheers!!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 



  • It didn't get overwritten last night, so now I'm not sure what's going on. The import was done to try and resolve some other issues we've been having with this device in Teams and Zoom meetings. I've read through all the recommendations and guides for resolving such issues, but nothing seems to make it better or worse. I typically see an average of 2% to 3% packet loss according to MS's Teams logs, and sometimes a max packet loss of 70+%, which results in audio dropping on the call, which is really annoying my users. The other identical model at another site with the same ISP and switches works fine.

    I think I'm going to back up the config from this unit and restore it on the backup XGS we have to see if it's a hardware problem. If the problem persists, I'm going to rebuild from scratch.

        

  • Update:

    To rule out a possible hardware problem, I attempted to restore the config to alternate hardware, but the firewall booted into failsafe mode. After rebooting, it looked like about half the config had been imported. I suspect that indicates we had a corrupt configuration.

    I restored the alternate hardware to factory config and rebuilt the config from scratch.  A couple test meetings I did worked fine, with Teams showing the same very low packet loss stats I see at my other sites. 

    Thanks for the input, rfcat_vk and Vivek Jagad.

  • Hey,

    Thank you for the update. As Teams uses UDP port for communication, on the CLI, select option 4.) Device console and execute the following commands:

    1. Type: show advanced-firewall

       The output shows the current UDP time-out value next to UDP timeout stream.

    2. Type: set advanced-firewall udp-timeout-stream 300

    3. Type: set advanced-firewall udp-timeout 300

       This command increases the UDP time-out to 150 seconds. If your provider recommends a different value, use that.
       Ensure that under PROTECT > Intrusion Prevention > DoS & spoof Protection > DoS Settings, UDP flood is not enabled.

    4. Additionally, you can also refer to my recommended read - Sophos Firewall: How to prioritize the traffic via SD-WAN for the applications

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

