I'm facing an issue with a false positive from the Application Filter on SFOS 16.05.03 MR-1 when accessing a legit web site.
Here is the relevant log from the console:
device="SFW" date=2017-05-03 time=12:32:18 timezone="CEST" device_name="CR1500iNG-XP" device_id=CXXXXXXXXX-XXXXXX log_id=054402617051 log_type="Content Filtering" log_component="Application" log_subtype="Denied" priority=Information fw_rule_id=10 user_name="xxxxx@xxxxxxx" user_gp="grp-xxxxxxxx" application_filter_policy=11 category="Proxy and Tunnel" application_name="WebFreer Proxy" application_risk=3 application_technology="Browser Based" application_category="Proxy and Tunnel" src_ip=xx.xx.xx.xx src_country_code=ITA dst_ip=xx.xx.xx.xx dst_country_code=R1 protocol="TCP" src_port=443 dst_port=53002 sent_bytes=0 recv_bytes=0 status="Deny" message=""
The only known workaround to avoid this false positive is to create a destination-based firewall rule for that particular site with no Application Filter (or with a specifically modified Application Filter policy).
That is not a good solution in my particular scenario because I have many different user groups, each one with specific Web Filter and Application Filter policies, and some of the groups do not even have to access that legit web site, so it is required to create many different destination-based rules.
So, my suggestion is that it would be far better to have Application Filter Exceptions similar to the ones for the Web Filter.