You are performing AppSecure traffic processing to enforce AppFW. What happens when
traffic matching an established security session is newly detected as a different application?
A.
The application will not be permitted if doing so would violate the session limit in the
screen properties applied to that zone.
B.
Zone-based firewall rules will be re-parsed to determine if a rule exists that permits the
newly detected application.
C.
The security processing facility of the data plane re-examines the whitelist or blacklist
referenced in the security policy to see if the new application is permitted.
D.
The newly detected application will not be permitted and session will be torn down unless
a specific match exists against the exempt rulebase.
C
Exempt rulebase is IPS…I hate C’s wording, but I agree with C, also A makes no sense.