https://live.paloaltonetworks.com/t5/general-topics/application-logmein-identified-but-not-dropped-by-rulebase/m-p/14285#M10503 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Sorry, but I hav&nbsp; implemented a brand New PAN solution with Url cat and AV license.</P><P>All configuration works find. I have a visitor zone on a DMZ and I want them to access Internet but with my Url Categorisation, so I can't let them use Remote access application.</P><P></P><P>I Have implemented a rulebase with</P><P></P><P>[...]</P><P></P><P>Name "Rule 30"</P><P>Src Zone "DMZ"</P><P>Src "DmzUserNetwork-1" &amp; "DmzUserNetwork-2 "</P><P>Dst Zone "Internet"</P><P>Dst "Any"</P><P>Application: "Logmein" &amp; "tcp-over-dns" &amp; application group "peer-to-peer" =&gt; App-group have all filtered apps with catégorie p2p</P><P>Profil "None"</P><P>Action Drop</P><P></P><P>Name "Rule 50"</P><P>Src Zone "DMZ"</P><P>Src "DmzUserNetwork-2"</P><P>Dst Zone "Internet"</P><P>Dst "Any"</P><P>Application "Any"</P><P>Profil "Service Group MyProtectedPol" (=&gt; AV, Url-cat, and Malware rules)</P><P>Action Allow</P><P></P><P>[...]</P><P></P><P></P><P></P><P>The point is that from a device connected in DmzUserNetwork-2, when I try to connect the web browser to logmein service, PAN Monitor show me an allowed connexion based on rule 50. Rule 30 is Enabled, and placed before Rule 50. It seems that the firewall doesn't applied denied rule. Note that I have already commited config and saved.</P><P></P><P>Do you have any suggestions?</P><P></P><P>Thanks, BR.</P></BODY></HTML> Wed, 29 Feb 2012 15:35:38 GMT d_aznar 2012-02-29T15:35:38Z https://live.paloaltonetworks.com/t5/general-topics/application-logmein-identified-but-not-dropped-by-rulebase/m-p/14285#M10503 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Sorry, but I hav&nbsp; implemented a brand New PAN solution with Url cat and AV license.</P><P>All configuration works find. I have a visitor zone on a DMZ and I want them to access Internet but with my Url Categorisation, so I can't let them use Remote access application.</P><P></P><P>I Have implemented a rulebase with</P><P></P><P>[...]</P><P></P><P>Name "Rule 30"</P><P>Src Zone "DMZ"</P><P>Src "DmzUserNetwork-1" &amp; "DmzUserNetwork-2 "</P><P>Dst Zone "Internet"</P><P>Dst "Any"</P><P>Application: "Logmein" &amp; "tcp-over-dns" &amp; application group "peer-to-peer" =&gt; App-group have all filtered apps with catégorie p2p</P><P>Profil "None"</P><P>Action Drop</P><P></P><P>Name "Rule 50"</P><P>Src Zone "DMZ"</P><P>Src "DmzUserNetwork-2"</P><P>Dst Zone "Internet"</P><P>Dst "Any"</P><P>Application "Any"</P><P>Profil "Service Group MyProtectedPol" (=&gt; AV, Url-cat, and Malware rules)</P><P>Action Allow</P><P></P><P>[...]</P><P></P><P></P><P></P><P>The point is that from a device connected in DmzUserNetwork-2, when I try to connect the web browser to logmein service, PAN Monitor show me an allowed connexion based on rule 50. Rule 30 is Enabled, and placed before Rule 50. It seems that the firewall doesn't applied denied rule. Note that I have already commited config and saved.</P><P></P><P>Do you have any suggestions?</P><P></P><P>Thanks, BR.</P></BODY></HTML> Wed, 29 Feb 2012 15:35:38 GMT https://live.paloaltonetworks.com/t5/general-topics/application-logmein-identified-but-not-dropped-by-rulebase/m-p/14285#M10503 d_aznar 2012-02-29T15:35:38Z https://live.paloaltonetworks.com/t5/general-topics/application-logmein-identified-but-not-dropped-by-rulebase/m-p/14286#M10504 <HTML><HEAD></HEAD><BODY><P>Hello Team,</P><P></P><P>Seems that upgrade from 4.1.1 to 4.1.3 resolved the case.</P><P></P><P>No changes on the rulebase. But now, the Ref "Rule 30" drop rule is correctly interpreted and logmein trafic is dropped.</P><P></P><P>BR,</P><P><BR />David</P></BODY></HTML> Thu, 01 Mar 2012 10:10:01 GMT https://live.paloaltonetworks.com/t5/general-topics/application-logmein-identified-but-not-dropped-by-rulebase/m-p/14286#M10504 d_aznar 2012-03-01T10:10:01Z