https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24344#M17743 <HTML><HEAD></HEAD><BODY><P>HI, i totally agree with you, a combination o app-id and url-based rule is the winning strategic solution. But first of all an app-id has to be built, i've defined protocols and networks for a custom app but i prefer working with an offical one.</P><P></P><P>App-id cache pollution&nbsp; was a nightmare in explaining to my customers and spamming youtube videos spred out panic <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Sun, 27 Jan 2013 16:18:03 GMT NGS_SOC 2013-01-27T16:18:03Z https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24342#M17741 <HTML><HEAD></HEAD><BODY><P>Is programmed a content update during next week for the new application mega (mega.co.nz)? </P><P>Right now the service is recognized as ssl, web-browing and unknown-tcp and becomes urget its new calssification due to the high bandwidth consumption and downloading legal issue. Brighcloud classifies correctly as personal storage but an application-based view, except from custom app, is required as soon as possible.</P></BODY></HTML> Sun, 27 Jan 2013 11:20:26 GMT https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24342#M17741 NGS_SOC 2013-01-27T11:20:26Z https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24343#M17742 <HTML><HEAD></HEAD><BODY><P>I think a combination of appid's with url-filter is always advisable specially when the domain(s) use a dedicated name and the application is http/https-based.</P><P></P><P>Just compare with the app-id cache pollution during the xmas-holidays. If an url-filter had been used in combination with appid it would have been much harder to bypass the filter.</P></BODY></HTML> Sun, 27 Jan 2013 16:05:46 GMT https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24343#M17742 mikand 2013-01-27T16:05:46Z https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24344#M17743 <HTML><HEAD></HEAD><BODY><P>HI, i totally agree with you, a combination o app-id and url-based rule is the winning strategic solution. But first of all an app-id has to be built, i've defined protocols and networks for a custom app but i prefer working with an offical one.</P><P></P><P>App-id cache pollution&nbsp; was a nightmare in explaining to my customers and spamming youtube videos spred out panic <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Sun, 27 Jan 2013 16:18:03 GMT https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24344#M17743 NGS_SOC 2013-01-27T16:18:03Z https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24345#M17744 <HTML><HEAD></HEAD><BODY><P>I think currently the best option is to contact the appid team at reasearch center to get an official appid: <A class="active_link" href="http://researchcenter.paloaltonetworks.com/tools/" title="http://researchcenter.paloaltonetworks.com/tools/">http://researchcenter.paloaltonetworks.com/tools/</A></P><P></P><P>And until their work hits the appid-db, as a workaround, create a custom-appid which will look at the host part of the http request (using web-browsing or such as a base-app) along with an url-filter.</P><P></P><P>Also dont forget the ssl-termination (dunno if Mega is compatible with this or not).</P></BODY></HTML> Sun, 27 Jan 2013 16:47:35 GMT https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24345#M17744 mikand 2013-01-27T16:47:35Z https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24346#M17745 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote" modifiedtitle="true"> <P>Also dont forget the ssl-termination (dunno if Mega is compatible with this or not).</P> </PRE><P></P><P>do you mean ssl decryption or a peculiar configuration upon custom app id?</P></BODY></HTML> Sun, 27 Jan 2013 16:55:07 GMT https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24346#M17745 NGS_SOC 2013-01-27T16:55:07Z https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24347#M17746 <HTML><HEAD></HEAD><BODY><P>Application mega build on app release 358</P></BODY></HTML> Sat, 02 Mar 2013 23:43:40 GMT https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24347#M17746 NGS_SOC 2013-03-02T23:43:40Z https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24348#M17747 <HTML><HEAD></HEAD><BODY><P>Sorry for late response, I meant ssl decryption yes.</P><P></P><P>The one where the PA will terminate the ssl session and create another one towards Internet - the client must have the CA the PA device will use for the ssl session between PA box and the client as a trusted CA. However some applications refuses to have their SSL traffic terminated or inspected (like windowsupdate among others). I dont know if this is the case for mega aswell. The PA can do a light edition of inspection (or just logging that is) for ssl it cannot terminate (decrypt) and that is by looking at the CN record of the cert being used (used for url-filtering when ssl decrypt is not active).</P><P></P><P>The best is to try to enable ssl decrypt and see how that works with mega (because then you can do stuff like IPS, AV, filetypes etc)...</P></BODY></HTML> Sun, 03 Mar 2013 16:52:50 GMT https://live.paloaltonetworks.com/t5/general-topics/mega-service/m-p/24348#M17747 mikand 2013-03-03T16:52:50Z