Palo Alto blocks legitim applications

OGasimli — Thu, 05 May 2022 06:11:13 GMT

Hi everyone,

We have defined Risk App block rule which contains the app by risk category, characteristics and vice versa.

After upgrading PA to 10.1.5-h1 version it starts to block ssl, web-browsing, google-base, whatsapp and other apps which are not among apps which is blocked by my defined rule.

I'va looked for matching apps in app filters, but there were no apps which PA is blocked incorrectly. I assume that App Filter rule does not work properly.

Device is PA-820, PAN OS version 10.1.5-h1. Latest app and threats db is installed.

Re: Palo Alto blocks legitim applications

BPry — Fri, 06 May 2022 14:17:45 GMT

@OGasimli,

That's not really a lot of information to go off of in your post if I'm being honest. How exactly do you have the application filter setup? When you look at the denied traffic does it transition from a blocked application to a know app-id at all? Without knowing how the filter is actually configured, it could be acting exactly as configured or it could not be. We'd need to know the actual filter to look into that more.

The only thing that I can say at the moment is that I haven't encountered any issues with our existing application filters when upgrading from 10.0 to 10.1, so I wouldn't expect this to be a bug.

topic Palo Alto blocks legitim applications in General Topics

Palo Alto blocks legitim applications

Re: Palo Alto blocks legitim applications