Allow a specific site on a specific app using a Firewall policy

Article ID: 360000593707
August 21, 2019 22:48

[Environment]
Knox Manage

[Summary]

User can access blocked sites even though KM disallows access using a Firewall deny rule. For example: Chrome cannot block access to "facebook.com" when the policy is set as below:

[Cause*]

The behavior follows addDomainFilterRule API's concept.
As per the description, an administrator can apply a rule for a specific application or for all applications at once (using FIREWALL_ALL_PACKAGES). If a rule with FIREWALL_ALL_PACKAGES value is already in the database and a rule is added with a specific application, the general one will not be considered to resolve the domain access enforcement for this specific application.

[Resolution*]

For a browser-specific application, block every site on every browser and allow specific sites on one browser only. IT admins will have to add more prohibited policies for Chrome. If the application has a Permitted policy(Domain), the app has to add a prohibited policy(Domain) as well.

Was this article helpful?

Sorry about that

Why wasn't this helpful? (check all that apply)

Couldn't find what I was looking for

Information confusing or unclear

Instructions didn't work

Comments

Great!

Thanks for taking the time to give us some feedback.

Additional Support

Enroll or sign in to submit support tickets

Looking for other product help?

ARTICLES IN THIS SECTION