Enable your VPN provider's application level filtering

Written by Cyberangels
Updated over 2 years ago

A VPN's firewall is designed to prevent certain types of traffic from passing from the external network (usually the Internet) to the internal network. This allows administrators to control what enters the local network and keep out unwanted data. In addition to filtering inbound traffic, a firewall can also prevent certain types of traffic from passing from the internal network to the external network (outbound traffic), thus preventing internal users from sending various types of data or sending it to particular destinations.

Modern firewalls use a technique called stateful packet filtering, also known as dynamic packet filtering. This technology operates at the network and transport levels. These packet filters allow or deny traffic based on the source or destination IP address and other information, such as source and destination TCP and UDP port numbers and connection status. Because the firewall tracks connection status, dynamic packet filtering allows firewall ports to be opened and closed as needed, as opposed to static packet filtering, in which ports must be opened and closed manually.

Packet filtering allows you to set different criteria by which a data packet can be allowed or denied:

  • You can block or allow traffic sent from a particular source IP address;

  • You can block or allow traffic sent to a particular destination IP address;

  • You can block traffic using a particular TCP or UDP port.

What you cannot do with packet filtering is examine the actual content of the data and block messages based on that content. This requires application-level filtering.

What does application level filtering (ALF) do?

Application level filtering goes beyond packet filtering and allows much more granular control of what is entering or leaving the network.

It can be used to look for anomalous information in message headers and within the data itself, and it can be set to look for specific character strings (words or phrases) within the message body and block messages based on that information. In this way, ALF can be used to prevent network attacks or even to prevent internal users from sending particular sensitive information outside the network.
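The difference between the two layers, as an added example that is not taken from any VPN provider's product: a packet filter decides on addresses, protocol and port only, while an application-level filter reads the message headers and body. The rule set, blocked strings, header threshold, sample messages and all function names are constructed for illustration, and connection-state tracking is left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int
    payload: bytes   # application data, never read by the packet filter

# Constructed rules: (action, source net, destination net, protocol, port or None = any)
RULES = [
    ("deny", "203.0.113.0/24", "0.0.0.0/0", "tcp", None),
    ("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 25),
]
BLOCKED_STRINGS = [b"confidential", b"internal use only"]  # constructed ALF policy
MAX_HEADER_LEN = 998  # assumed threshold for an "anomalous" header line

def packet_filter(pkt):
    """First matching rule wins, default deny. Looks at addresses and ports only."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for action, snet, dnet, proto, dport in RULES:
        if (src in ipaddress.ip_network(snet) and dst in ipaddress.ip_network(dnet)
                and proto == pkt.proto and dport in (None, pkt.dport)):
            return action
    return "deny"

def app_filter(payload):
    """Inspect the headers and body of a mail-like message; return (action, reason)."""
    head, _, body = payload.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n"):
        if len(line) > MAX_HEADER_LEN or b":" not in line:
            return "deny", "anomalous header"
    lowered = body.lower()
    for s in BLOCKED_STRINGS:
        if s in lowered:
            return "deny", "blocked string: " + s.decode()
    return "allow", "clean"

def inspect(pkt):
    """Apply the packet filter first, then application-level filtering."""
    if packet_filter(pkt) == "deny":
        return "deny", "packet filter"
    return app_filter(pkt.payload)

# Constructed sample messages
MSG_OK = b"From: a@example.com\r\nSubject: lunch\r\n\r\nSee you at noon."
MSG_LEAK = b"From: a@example.com\r\nSubject: plan\r\n\r\nCONFIDENTIAL: Q3 roadmap attached."
```

Both sample messages pass the packet filter, because they share the same addresses and port; only the application-level check tells them apart.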