Summary
After applying a test rule to block all outbound UDP traffic, the host-based firewall within Deep Security Manager (DSM) is not blocking the UDP traffic as expected.
Details
The scenario occurs because the Deny outbound rule has been hard-coded open, thus the firewall will not be able to block the outbound UDP traffic. This is created by design, as it can be hazardous and may completely isolate machines of the network if applied improperly with other rules.
If it is necessary to block outbound UDP traffic, you can create an incoming Deny rule to block the reply from the DNS server.
For more information about the Deep Security firewall, refer to the following links:
