Application Control and Proxies
There is some duplication of the functions available in the Application Control service and in the WatchGuard proxy policies. In general, the proxies perform different and more detailed inspection and provide more granular control over the type of content. For example with the HTTP proxy, you can
- Adjust timeout and length limits of HTTP requests and responses to prevent poor network performance, as well as several attacks
- Customize the deny message that users see when they try to connect to a website blocked by the HTTP proxy
- Filter web content MIME types
- Block specified path patterns and URLs
- Deny cookies from specified web sites
Proxies are also used to provide Gateway AntiVirus, WebBlocker, and Reputation Enabled Defense services.
By default, the HTTP proxy action blocks the download of these content types:
- Java bytecode
- ZIP archives
- Windows EXE/DLL files
- Windows CAB archive
The Application Control feature does not override settings in the proxy policy configuration. For example, if you allow YouTube in Application Control, but the proxy policy is already configured with an action to block streaming video, YouTube videos are still blocked.