We are changing policy enforcement behavior for web application requests.
A firewall rule configured to block an app will now take precedence, as prior behavior was to forward web traffic to Secure Web Gateway (SWG) without evaluating firewall policy first.
For web application requests, the Umbrella Firewall policy rules match the identity and destination defined in the rule. If the request matches, then the Umbrella cloud-delivered firewall (CDFW) enforces the action (Allow or Block) defined in the rule. If the matching rule defines a block action then the request is blocked by the CDFW and if it's allowed then CDFW forwards the request to Umbrella SWG. Umbrella continues to process the request applying the access controls defined in the web policy.
For more information, please review the admin guide below:
Firewall Policy Settings