What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
A . It limits the scanning of application traffic to the DNS protocol only.
B. It limits the scanning of application traffic to use parent signatures only.
C. It limits the scanning of application traffic to the browser-based technology category only.
D. It limits the scanning of application traffic to the application category only.

View Answer

Answer: D

Explanation:

https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/38324/ngfw-policy-based-mode

In policy-based mode on a next-generation firewall (NGFW), you can use a URL list and application control in the same firewall policy to control traffic to and from specific websites or applications. However, there is a limitation to consider when using these features together:

It limits the scanning of application traffic to the application category only: The URL list and application control both rely on the firewall to inspect traffic and make decisions about what to allow or block. However, the URL list is limited to inspecting traffic at the URL level, while the application control can inspect traffic at a deeper level, such as at the application layer. This means that the application control is more comprehensive and can provide more granular control over specific applications, while the URL list is limited to controlling traffic at the URL level.