A blocked application will be fully blocked; this is not what you are looking for.
What needs to be done is the following.
Define a network zone like "My Local Network(s)" that contains all IP ranges you need the application to have access to.
Once that's done you need to open the network policy and look up the application in question.
Create rules like:
Permit IP In/Out, Src Zone "My Local Network" Dst Zone "My Local Network".
Deny IP In/Out, Src Any, Dst Any.
This will allow the application to access all networks defined in the Zone "My Local Network" and block all other traffic. If you want to see what it blocks, you can also set Logging enabled on the Deny rule.
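
The two rules above, modelled in Python as an added example that is not part of the original post or the firewall's own code. It assumes rules are evaluated top-down with the first match winning; the zone's address ranges and the sample addresses are constructed.

```python
import ipaddress

# Constructed zone contents; the post does not list the actual ranges.
ZONES = {
    "My Local Network": [
        ipaddress.ip_network("192.168.1.0/24"),
        ipaddress.ip_network("10.0.0.0/8"),
    ],
}

# Rules in the order given in the post: (action, src zone, dst zone, logged).
# A zone of None stands for "Any".
RULES = [
    ("permit", "My Local Network", "My Local Network", False),
    ("deny", None, None, True),  # logging enabled on the Deny rule
]


def in_zone(addr, zone):
    """True if addr falls inside any range of the zone (None matches anything)."""
    if zone is None:
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ZONES[zone])


def evaluate(src, dst, rules=RULES, log=None):
    """Return the action of the first matching rule (assumed first-match order)."""
    for action, src_zone, dst_zone, logged in rules:
        if in_zone(src, src_zone) and in_zone(dst, dst_zone):
            if logged and log is not None:
                log.append((action, src, dst))  # what the Deny rule would record
            return action
    return "deny"  # assumption: traffic matching no rule is not permitted


if __name__ == "__main__":
    blocked = []
    for src, dst in [("192.168.1.10", "192.168.1.20"),   # local to local
                     ("192.168.1.10", "10.4.0.7"),       # local to second local range
                     ("192.168.1.10", "203.0.113.5")]:   # local to outside address
        print(src, "->", dst, evaluate(src, dst, log=blocked))
    print("logged by Deny rule:", blocked)
    # With the Deny rule first, even local traffic is blocked.
    print(evaluate("192.168.1.10", "192.168.1.20", rules=RULES[::-1]))
```

Under the first-match assumption the Permit rule has to sit above the catch-all Deny; reversed, the Deny rule matches everything first.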