The Global Application Control action is created by default and cannot be removed. The default Global Application Control action is to allow all applications, unless you have specifically blocked an application in the configuration.
You can configure the Global Application Control action to control overall corporate policy. For example you can:
- Block all games
- Block use of peer-to-peer applications
The Global Application Control action does not apply to traffic unless you enable Application Control for policies in your configuration. You can assign the Global Application Control action directly to a policy, or you can use the Global Application Control action as a secondary action if traffic does not match the applications configured in a user-defined Application Control action assigned to a policy.
You can create more specific application actions to implement rules that apply to user groups or to specific interfaces. For example, you might want to apply some specific rules to allow one department to have access to an application.
If you know that an application is specifically restricted to a specific port, you can apply an Application Control action to a packet filter or proxy policy on that port only. If not, you must apply the Application Control action to an outgoing policy that covers all ports to make sure that you capture all possible traffic for the application.