topic Is it risky to that allow browser-based apps on any ports in General Topics https://live.paloaltonetworks.com/t5/general-topics/is-it-risky-to-that-allow-browser-based-apps-on-any-ports/m-p/28745#M20980 <HTML><HEAD></HEAD><BODY><P>I'm considering to create a policy for Internet access to replace traditional Internet rule (i.e. outbound 80/tcp or any other ports raised by user per special request).&nbsp; To minimize future special request by user, I prefer to allow any ports if app-id identified the traffic as "browser-based apps".&nbsp; Would it be too risky to enable such rule (provided that antivirus, antispyware and vulnerability protection profiles are all turned on with URL filtering)?</P><P></P><P>Thank you.</P></BODY></HTML> Fri, 22 Jul 2011 09:54:03 GMT u7541 2011-07-22T09:54:03Z Is it risky to that allow browser-based apps on any ports https://live.paloaltonetworks.com/t5/general-topics/is-it-risky-to-that-allow-browser-based-apps-on-any-ports/m-p/28745#M20980 <HTML><HEAD></HEAD><BODY><P>I'm considering to create a policy for Internet access to replace traditional Internet rule (i.e. outbound 80/tcp or any other ports raised by user per special request).&nbsp; To minimize future special request by user, I prefer to allow any ports if app-id identified the traffic as "browser-based apps".&nbsp; Would it be too risky to enable such rule (provided that antivirus, antispyware and vulnerability protection profiles are all turned on with URL filtering)?</P><P></P><P>Thank you.</P></BODY></HTML> Fri, 22 Jul 2011 09:54:03 GMT https://live.paloaltonetworks.com/t5/general-topics/is-it-risky-to-that-allow-browser-based-apps-on-any-ports/m-p/28745#M20980 u7541 2011-07-22T09:54:03Z Re: Is it risky to that allow browser-based apps on any ports https://live.paloaltonetworks.com/t5/general-topics/is-it-risky-to-that-allow-browser-based-apps-on-any-ports/m-p/28746#M20981 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P> There is no absolute good answer about this. Security mongers will scream about this heresy while bored admin will say 'who cares if no virus comes in?'</P><P></P><P> I opened broswer-based on 80,443,8080,8443,81 and it suits 99% of user needs.</P></BODY></HTML> Fri, 22 Jul 2011 11:37:15 GMT https://live.paloaltonetworks.com/t5/general-topics/is-it-risky-to-that-allow-browser-based-apps-on-any-ports/m-p/28746#M20981 lardsa 2011-07-22T11:37:15Z