Improve policy control for UTM Profile application patrol.
Just activated the IDP/AppPatrol Signature Service on my USG40 and found a problem.
So basically when you check a UTM Profile like application patrol, the policy control needs to ignore settings above source, destination, service and action, and here's why.
Say you have a network setup for DMZ to WAN with the following rules in policy control:
from DMZ to WAN HTTP allow
from DMZ to WAN HTTPS allow
from DMZ to WAN DNS allow
You then want to block Facebook by UTM Profile application that you make and you add a policy control top rule for that application patrol.
Well, it blocks Facebook, yes, but it allows anything from DMZ to WAN at the same time!
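
The behaviour described in this post, modelled as a first-match rule table (an added example, not part of the original post and not ZyWALL code). The `Rule` fields, the first-match evaluation model and the `any` service on the top rule are assumptions made for illustration; the second layout attaches the profile to the three existing allow rules instead.

```python
# Added illustration: a first-match policy table modelled on the post.
# Rule fields and the evaluation model are assumptions, not ZyWALL code.
from dataclasses import dataclass

@dataclass
class Rule:
    src: str
    dst: str
    service: str            # "any" matches every service
    action: str             # "allow" or "deny"
    blocked_apps: frozenset = frozenset()  # stand-in for an application patrol profile

def evaluate(rules, src, dst, service, app=None, default="deny"):
    """Return the verdict of the first rule whose src/dst/service match."""
    for r in rules:
        if (r.src, r.dst) == (src, dst) and r.service in ("any", service):
            # The profile only filters traffic that the rule would allow.
            if r.action == "allow" and app in r.blocked_apps:
                return "deny"
            return r.action
    return default

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hits = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if (e.src, e.dst) == (r.src, r.dst) and e.service in ("any", r.service):
                hits.append(i)
                break
    return hits

FACEBOOK = frozenset({"facebook"})
BASE = [Rule("DMZ", "WAN", s, "allow") for s in ("HTTP", "HTTPS", "DNS")]

# Layout from the post: profile on a new top rule with service "any" (assumed).
AS_POSTED = [Rule("DMZ", "WAN", "any", "allow", FACEBOOK)] + BASE

# Alternative: attach the profile to the existing service-specific allow rules.
PER_RULE = [Rule(r.src, r.dst, r.service, r.action, FACEBOOK) for r in BASE]

if __name__ == "__main__":
    for name, table in (("as posted", AS_POSTED), ("per rule", PER_RULE)):
        print(name, "SSH:", evaluate(table, "DMZ", "WAN", "SSH"),
              "| Facebook over HTTPS:", evaluate(table, "DMZ", "WAN", "HTTPS", "facebook"),
              "| shadowed rules:", shadowed(table))
```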