The Protocol Filtering section allows you to filter traffic based on detected applications and protocols. The Protocol Filtering rules apply a range of Deep Packet Inspection and content analysis techniques, including encryption handshaking and Certificates. When it not able to inspect traffic, for example due to encryption, or does not recognise the content of the traffic, it will attempt to guess traffic based on destination and other heuristics.
Traffic forms detected are split into Applications, and Protocols. Protocols are considered well defined protocols. Applications are identified based on other techniques such as IP or certificate owner. A wide range are detected of each.
Both Applications and Protocol Filters work similarly. The controls allow blocking of items from an a large list of rules, and also allow adding of white listed IP addresses that will not be blocked.