https://live.paloaltonetworks.com/t5/next-generation-firewall/facebook-working-as-application-reddit-base/m-p/1227249#M5817 <P>Good Day</P> <P>&nbsp;</P> <P>Thanks for your message.</P> <P><BR />As more web-based applications are developed and refined, the useage of SSL forward proxy decryption rules may be needed.<BR />For example, the FW can easily recognize facebook-base, however of the 10 to 15 sub/child applications under facebook (facebook-post, facebook-chat, facebook-video, facebook-filesharing, etc), these applications may not be seen, as the traffic is still encapsulated packet.&nbsp; This would be why certain FB applications would still be allowed.</P> <P><BR />As for facebook-base showing up as reddit-base, certainly does not sound correct for a L7 application signature based firewall.</P> <P>You may want to consider opening a TAC case, so they can review/revise the application signatures as needed.</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 23 Apr 2025 17:12:43 GMT S.Cantwell 2025-04-23T17:12:43Z https://live.paloaltonetworks.com/t5/next-generation-firewall/facebook-working-as-application-reddit-base/m-p/1224239#M5705 <P class="first:mt-0 last:mb-0" dir="ltr"><SPAN>We are currently experiencing an issue with URL filtering and application-based policies. We’ve set up a policy to block the Facebook application, but it’s still being allowed through. In the logs, it shows as the application "Application reddit-base" instead of Facebook.</SPAN></P> <P class="first:mt-0 last:mb-0" dir="ltr"><SPAN>When we remove the block rule, Facebook-related apps function normally, but when the rule is applied, it allows the traffic as the "reddit-base" application and hits a different rule.</SPAN></P> <P class="first:mt-0 last:mb-0" dir="ltr"><SPAN>Has anyone encountered a similar issue? We’ve tried both the latest and previous app-IDs and even rolled back, but the issue persists.</SPAN></P> <P class="first:mt-0 last:mb-0" dir="ltr"><SPAN>Any suggestions or insights would be greatly appreciated!</SPAN></P> Wed, 19 Mar 2025 21:27:58 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/facebook-working-as-application-reddit-base/m-p/1224239#M5705 Jagdeep1 2025-03-19T21:27:58Z https://live.paloaltonetworks.com/t5/next-generation-firewall/facebook-working-as-application-reddit-base/m-p/1227249#M5817 <P>Good Day</P> <P>&nbsp;</P> <P>Thanks for your message.</P> <P><BR />As more web-based applications are developed and refined, the useage of SSL forward proxy decryption rules may be needed.<BR />For example, the FW can easily recognize facebook-base, however of the 10 to 15 sub/child applications under facebook (facebook-post, facebook-chat, facebook-video, facebook-filesharing, etc), these applications may not be seen, as the traffic is still encapsulated packet.&nbsp; This would be why certain FB applications would still be allowed.</P> <P><BR />As for facebook-base showing up as reddit-base, certainly does not sound correct for a L7 application signature based firewall.</P> <P>You may want to consider opening a TAC case, so they can review/revise the application signatures as needed.</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 23 Apr 2025 17:12:43 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/facebook-working-as-application-reddit-base/m-p/1227249#M5817 S.Cantwell 2025-04-23T17:12:43Z