We can't fully utilized L7 features because of only deny option, there should be allow option as well. so we can control the traffic easier.
For example: If I want to whitelist some application or traffic so we can easily manage from the layer 7.
and if I want to allow some traffic based on destination so we can manage that traffic as well.
so basically we need 2 modification in Layer 7 policy
1. Allow option
2. destination host or IP address.
Regards,
Prateek Maheshwari