Application Filter Whitelist

Question

Hello, 
 
 I think that I might just not doing it right, but I cannot for the love of god, create an application filter which has it's default action set to "Deny". 
 If I go to Applications -> Application Filters -> Add I can enter the following: 
 Name, Description and Template. 
 And I can only choose the predefined templates which all are default to allow. 
 Since there is no option to change the default action after creating the application filter, there is no way to create an application filter which works as a whitelist. 
 All I can do is a blacklist. 
 Is this a bug, or just not possible at the moment? 
 Kind Regards, 
 Julian

Karlos · Answer

Hi Julian, 
 You are correct in that you cannot change the default action of an Application Filter template, but it still possible to whitelist. 
 You can do this by editing or adding a new Application Filter policy, selecting the applications you want to whitelist, then changing the action to from 'Deny' to 'Allow.' 
 A way to achieve the "Deny All" would be to create a new Application Filter Policy, selecting 'All' under categories, choosing 'Deny' for Action. 
 This will in essence trump the Allow All default action with a Deny All and then above this you can create a new Application Filter Criteria with the applications you want to whitelist. 
 Thanks, Karlos