https://live.paloaltonetworks.com/t5/custom-signatures/webmail-control-via-url/m-p/245254#M290 <P>Hi&nbsp;mojunhwan,</P><P>&nbsp;</P><P>The best way of blocking naver is by application, but there are other ways as well.</P><P>&nbsp;</P><P>1. Create a security rule that blocks/denies the app&nbsp;<SPAN>naver-mail. But this rule will maybe require you to have an outgoing decrypt rule to actually see this app over ssl/443. Port 80 would be fine.<BR /></SPAN></P><P>&nbsp;</P><P>Two other ways of blocking naver:</P><P>2. Create a FQDN address object called mail.naver.com with FQDN=mail.naver.com and put this in a security rule on destination server with action equal reset-client or reset.both.</P><P>&nbsp;</P><P>3. Create a custom URL-category called "Denied URLs" and but the url *.naver.com in this URL-category. On the outgoing allowed rule for the clients add this URL-category to the URL filtering profil (in the security profile) with a Site Access set to "Block".</P><P>&nbsp;</P><P>- Kim</P> Tue, 08 Jan 2019 17:34:33 GMT Kim_Hansen 2019-01-08T17:34:33Z https://live.paloaltonetworks.com/t5/custom-signatures/webmail-control-via-url/m-p/245165#M289 <P><SPAN>Can paloalto control the sending of web mail?</SPAN></P><P>&nbsp;</P><P><SPAN>i want to make it impossible to send out from the webmail.</SPAN></P><P><SPAN>There is a service called Naver that provides web mail like Google.</SPAN></P><P><SPAN>for example,</SPAN></P><P>&nbsp;</P><P><SPAN>The URL for sending is as follows.</SPAN></P><P>mail.naver.com/n=111113333&amp;v=f#%7B"fClass"%3A"write"%2C"oParameter"%3A%7B"orderType"%3A"new"%2C"sMailList"%3A""%7D%7D</P><P>&nbsp;</P><P><SPAN>I created a policy using the URL category.<BR />mail.naver.com/^=f#%7B"fClass"%3A"write"%2C"oParameter"%3A%7B"orderType"%3A"new"%2C"sMailList"%3A""%7D%7D<BR /></SPAN></P><P><SPAN>mail.naver.com/*=f#%7B"fClass"%3A"write"%2C"oParameter"%3A%7B"orderType"%3A"new"%2C"sMailList"%3A""%7D%7D</SPAN></P><P>&nbsp;</P><P><SPAN>I would like to set a policy that is impossible to send through the URL. </SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P><SPAN>The results of the URL test were not blocked. </SPAN></P><P><SPAN>Using the http protocol and using 80 ports. Is it possible to implement it? </SPAN></P><P><SPAN>If there's anything I missed, give me some advice</SPAN></P><P>&nbsp;</P><P><SPAN>I also wonder if the gmail can also be controlled.</SPAN></P><P><SPAN>It was not long after I started the Palo Alto firewall. I hope you understand.</SPAN></P> Tue, 08 Jan 2019 07:08:37 GMT https://live.paloaltonetworks.com/t5/custom-signatures/webmail-control-via-url/m-p/245165#M289 mojunhwan 2019-01-08T07:08:37Z https://live.paloaltonetworks.com/t5/custom-signatures/webmail-control-via-url/m-p/245254#M290 <P>Hi&nbsp;mojunhwan,</P><P>&nbsp;</P><P>The best way of blocking naver is by application, but there are other ways as well.</P><P>&nbsp;</P><P>1. Create a security rule that blocks/denies the app&nbsp;<SPAN>naver-mail. But this rule will maybe require you to have an outgoing decrypt rule to actually see this app over ssl/443. Port 80 would be fine.<BR /></SPAN></P><P>&nbsp;</P><P>Two other ways of blocking naver:</P><P>2. Create a FQDN address object called mail.naver.com with FQDN=mail.naver.com and put this in a security rule on destination server with action equal reset-client or reset.both.</P><P>&nbsp;</P><P>3. Create a custom URL-category called "Denied URLs" and but the url *.naver.com in this URL-category. On the outgoing allowed rule for the clients add this URL-category to the URL filtering profil (in the security profile) with a Site Access set to "Block".</P><P>&nbsp;</P><P>- Kim</P> Tue, 08 Jan 2019 17:34:33 GMT https://live.paloaltonetworks.com/t5/custom-signatures/webmail-control-via-url/m-p/245254#M290 Kim_Hansen 2019-01-08T17:34:33Z