Blocked Applications Report

Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes

The Blocked Applications report shows a summary of the applications used on your network that were blocked by Application Control. The report includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available.

This report is available when log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends log messages required to generate this report, follow the steps to Enable Logging for this Report.

How to Use this Report

This report can help you find out more about blocked applications on your network. Here are some ways to use this report:

  • Select the Top Blocked by User pivot to see the top blocked applications on your network, and the top users of those applications.
  • If users report that they cannot use a specific application, select the Top Blocked by User or Top Blocked by Host pivots to see if Application Control blocks the application. If you want to allow the application on your network, update the Application Control action.
  • Select the Detail report to see the protocols associated with each blocked application.

View the Report

This report is available in WatchGuard Cloud and in Dimension.


You can use pivots to change the view of the data on the report.

To switch to a different view, select a pivot from the drop-down list above the report.

This report includes these pivots:

Top Blocked by User

Summary of the applications that were most blocked, organized by user name.

Top Blocked by Host

Summary of the applications that were most blocked, organized by host.

Top Users Blocked

Summary of the applications blocked by each user.

Top Hosts Blocked

Summary of the applications blocked by each host.

Detail View

To view a detailed report of all applications blocked by Application Control, click View Details at the top of the report.

Screen shot of View Details link in a report

The Blocked Applications Detail report includes a row for each application blocked by Application Control and displays this information:

Column Description
Event Time Date and time Application Control blocked the application
Client Name of the client
Source IP address of the traffic source
Destination IP address of the traffic destination
Policy Name of the Firebox policy that examined the traffic
Protocol Protocol used to send the traffic
Category Application Control category of the blocked application
Application Name of the application blocked by Application Control
Disposition Action taken by the Firebox for this traffic, such as Allowed or Denied
Hits Number of hits

Enable Logging for this Report

Logging for cloud-managed Fireboxes is automatically enabled. For locally-managed Fireboxes, you must manually enable logging in Fireware Web UI or Policy Manager. For more information, see Set Logging and Notification Preferences.

To collect the data required for this report for locally-managed Fireboxes, in Fireware Web UI or Policy Manager:

  • In the Logging and Notification settings for all packet filters, select Send a log message for reports.
  • In the General Settings for all proxy actions, select Enable logging for reports.

See Also

WatchGuard Cloud Device Reports List

View WatchGuard Cloud Device Reports