The simplest way to end the sessions you see is to shift-select them all and then click End Session - End All Sessions will terminate all sessions regardless of the list (or so it seems).
Yes, I agree with that and this is what I explained that I did in my initial post, but the question was if this could be done from cli and why my application policy that is set to block iCloud service is not stopping it before it tries to access internet.
If you want to block Apple I would recommend try to block using ISDB. This will block the sessions at L3/L4 before they egress your ISP.
config firewall policy
set status disable
set name "Block All Apple Internet Services"
set uuid 035a9918-d5a9-51ed-9d57-ff6308a71c81
set srcintf "LAN"
set dstintf "WAN"
set action accept
set srcaddr "all"
set internet-service enable
set internet-service-name "Apple-APNs" "Apple-App.Store" "Apple-DNS" "Apple-FTP" "Apple-ICMP" "Apple-Inbound_Email" "Apple-LDAP" "Apple-NetBIOS.Name.Service" "Apple-NetBIOS.Session.Service" "Apple-NTP" "Apple-Other" "Apple-Outbound_Email" "Apple-RTMP" "Apple-SSH" "Apple-Web"
set schedule "always"
set nat enable
I do not wish to stop all Apple services, just the iCloud sessions that for some reason is killing the network on these locations - and I have been able to do so by isolating all iCloud IP addresses and blocking them in a firewall policy rule.
If there was a internet-service just for iCloud service, your above suggestion would work fine (except you are allowing it in your rule) but there is no internet-service that only includes iCloud as far as I can tell.