Application control - exception

Hello to the community.
This is my first post.
I am facing the following issue (I have tried various configs -- according to my knowHow).
On my http&https policys where all office clients traffic is routed, I apply Proxy Action & Application Control. On AppCtrl, on the category File Sharing Services & Tools I use DROP on Web File Transfer. This produces 2 issues as I have notice.

  1. Mozilla firefox is trying to update via download.cdn.mozilla.net, which produce
    "heavy traffic" on the line and extremely download sizes to the client for great amount of time.
    e.g. for a specific client, for 12 hours, mozilla firefox was trying to be updated contacting the update service. The traffic that was loged by the LogServer were 47GB for domain mozilla.net. When I set ALLOW to the Web File Transfer, the update perfomed rapidly and the traffic towards download.cdn.mozilla.net stopped, as well the consumption of Bandwidth. (I have the report from LOGSERVER).

The update process of mozilla were ALLOWED BY PROXIES BUT DROPED BY the APPCONTROL

Allowed,2019-11-07 12:04:53,HTTP-proxy_LAN-00,download.mozilla.org,/?product=firefox-70.0.1-partial-70.0&os=win&lang=el
Allowed,2019-11-07 12:04:57,HTTP-proxy_LAN-00,download.cdn.mozilla.net,/pub/firefox/releases/70.0.1/update/win32/el/firefox-70.0-70.0.1.partial.mar

  1. Microsoft updates are not downloaded by clients due to DROP action on Web File Transfer.

Is there a way to create some exceptions for specific domains to bypass ->Web File Transfer DROP rule?

Thank you

Best Answer


  • Options

    Thank you very much for the accurate response. I created an allias to include all domains (e.g *microsoft) which require automatic updates.
    Thanks again.

Sign In to comment.