I also created a rule Source: Test PC Destination: www.teamviewer.com Service:Any Log and NAT: Enable I placed it on top of the rulebase Then I generated the http traffic to www.teamviewer.com and I checked the " count" field in the policy. It did show 13 packets in the count field. When I download the click on " Install" , I get the error. Any comments.I have not heard from the TAC anything yet

When I download the click on " Install" , I get the error.

It would be nice to know the wording of that error (message) is. Since the fp rule works, the problem is likely elsewhere. - Do you have admin rights on the test pc to install apps? - Is the pc' s own firewall blocking that app? - Have you checked teamviewer.com' s support pages to see what is needed to run their app and what ports needed to be open? - Have you checked the fgt' s logs to see what other sites or ports need to be open? (Their app could be connecting to sites other than www.teamviewer.com.)

I have tried a different approach. I created a URL filter and allowed all the trusted URL' s with the Action as " Exempt" . it works fine now. I applied that URL filter in the Web Filter profile and applied it to the Firewall Policy. If I select teh Action as " Allow" , the DLP rule takes precendence and I am unable to download any executables. Now the problem is that the traffic to those sites and the executables downloaded are not being scanned by the AV engine. Now what I have been able to achieve is: 1) Stop users from downloading executables from all the websites. 2) Enable users from downloading executables from the Trusted websites. What is pending is: 1) How can I make sure that the " executables" get scanned by the AV engine. 2) How can I prevent users from downloading files > 5120 KB (except pdf' s). I have enabled the Protocl options rule but how can I exempt the pdf files from this rule. Thanks Anne