Port 443

Hello
Is there a rule to allow traffic to pass via port 443 and block or drop other apps like VPN apps (drop) on desktop and smartphone? Microsoft Teams, Google… allow?!!

Even though you might have some success by constructing L7 filter rules, it probably won’t last… The encrypted connection protocols are evolving. Currently there’s some initial connection metadata passed unencrypted (namely the SNI field) and it is possible to construct an L7 filter to fetch that data and act upon it. But there’s already a next standard which encrypts that data as well (ESNI). When that standard picks up, current L7 filter rules will be useless.

So as things stand now, it’s mostly: forget about it. There are solutions around it, but they either break standards or cost a lot. Unless you install some firewall application directly on end devices: this approach has the benefit of knowing which application is actually starting certain connections. The drawback, however, is that most of the time you don’t have control over connecting devices (this happens even in corporate environments).
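To show concretely what the “SNI field” an L7 filter can act on looks like, here is an added example (not code from this thread or from RouterOS): it builds a constructed minimal TLS ClientHello and pulls the host_name out of its SNI extension, returning None when the extension is missing or the record is truncated, which is exactly what a filter will see once ESNI/ECH hides that name. The hostnames are constructed test values.

```python
import struct
from typing import Optional

def build_client_hello(hostname: Optional[str]) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello (test input, not a real capture)."""
    exts = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        sni_list = b"\x00" + struct.pack("!H", len(name)) + name   # type 0 = host_name
        sni_ext = struct.pack("!H", len(sni_list)) + sni_list
        exts = struct.pack("!HH", 0x0000, len(sni_ext)) + sni_ext  # ext type 0 = SNI
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"   # version, random, empty session id
            + b"\x00\x02\xc0\x2f"                   # one cipher suite
            + b"\x01\x00"                           # one compression method (null)
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(data: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello's SNI extension, or None if there is
    none (no extension, truncated/garbled record, or not a ClientHello at all)."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:
            return None                                 # not a handshake/ClientHello
        pos = 43                                        # hdrs(9) + version(2) + random(32)
        pos += 1 + data[pos]                            # skip session id
        pos += 2 + struct.unpack("!H", data[pos:pos + 2])[0]   # skip cipher suites
        pos += 1 + data[pos]                            # skip compression methods
        ext_end = pos + 2 + struct.unpack("!H", data[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", data[pos:pos + 4])
            pos += 4
            if ext_type == 0x0000:
                p = pos + 2                             # skip server_name_list length
                while p + 3 <= pos + ext_len:
                    name_type = data[p]
                    name_len = struct.unpack("!H", data[p + 1:p + 3])[0]
                    if name_type == 0:                  # 0 = host_name
                        return data[p + 3:p + 3 + name_len].decode("ascii", "replace")
                    p += 3 + name_len
            pos += ext_len
    except (IndexError, struct.error):
        pass                                            # truncated or malformed record
    return None

if __name__ == "__main__":
    for host in ("teams.microsoft.com", None):
        print(host, "->", extract_sni(build_client_hello(host)))
```

A real filter would run this over the first client-to-server segment of each TCP 443 flow; a hello without a host_name cannot be allow-listed by name and has to be treated as unknown.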

Thank you for your reply.
In my opinion, VPN app vs. MikroTik firewall -> VPN wins :pensive_face:

Some VPNs (PPTP & IPsec) use a specific port and protocol;
some others (L2TP, IKEv2, OpenVPN, WireGuard) use only TCP or UDP ports.

PPTP: TCP 1723 & protocol 47 GRE
IPsec: UDP 500 & UDP 4500 & protocol 50 ESP & protocol 51 AH
L2TP: UDP 1701 plus the same IPsec ports UDP 500 & UDP 4500
IKEv2: uses the same IPsec UDP 500
“OpenVPN UDP”: UDP 1194
WireGuard: UDP 51820
Cisco VPN & IPsec: TCP 10000

Also EoIP, IP Tunnel (IPIP) and GRE tunnels used for VPN have the same port and protocol as PPTP.
EoIP and IPIP can be used (MUST be used…) with IPsec for security.

By blocking that port and protocol, the VPN cannot be made…

But other VPNs like SSTP or “OpenVPN TCP” use TCP port 443 (HTTPS) and are hard to block…

Thank you for that info :slightly_smiling_face: