https://live.paloaltonetworks.com/t5/general-topics/ms-direct-access/m-p/40979#M30119 <HTML><HEAD></HEAD><BODY><P>According to <A href="http://apps.paloaltonetworks.com/applipedia/" title="http://apps.paloaltonetworks.com/applipedia/"> Application Research Center</A> the appid should be "ipv6":</P><P></P><P>"</P><P>Description</P><P>The technique of encapsulating IPv6 packets within IPv4 so that they can be carried across IPv4 routing infrastructures. While the IPv6 infrastructure is being deployed, the existing IPv4 routing infrastructure can remain functional and can be used to carry IPv6 traffic. Examples of IPv6 tunneling mechanisms are 6in4, 6to4. </P><P>"</P><P></P><P>The 6in4 stuff is the "protocol 41" according to <A class="active_link" href="http://en.wikipedia.org/wiki/6in4" title="http://en.wikipedia.org/wiki/6in4">6in4 - Wikipedia, the free encyclopedia</A></P><P></P><P>Generally speaking if you have setup a "deny + log" rule in the end of your security policy set you should be able to see in the traffic log how the blocked traffic is being identified as.</P></BODY></HTML> Wed, 20 Mar 2013 07:49:41 GMT mikand 2013-03-20T07:49:41Z https://live.paloaltonetworks.com/t5/general-topics/ms-direct-access/m-p/40977#M30117 <HTML><HEAD></HEAD><BODY><P>Any one setup MS Direct Access?</P><P></P><P>I have a MS consultant stating that all that is needed is to set up a NAT and add a security policy to allow TCP 443 and IP Protocol 41.</P><P></P><P>Here is the dumb question...</P><P>How do you allow IP Protocol 41?</P></BODY></HTML> Wed, 20 Mar 2013 04:37:05 GMT https://live.paloaltonetworks.com/t5/general-topics/ms-direct-access/m-p/40977#M30117 almay 2013-03-20T04:37:05Z https://live.paloaltonetworks.com/t5/general-topics/ms-direct-access/m-p/40978#M30118 <HTML><HEAD></HEAD><BODY><P>I tryed to find "UAG" or Direct acces on <A href="http://apps.paloaltonetworks.com/applipedia//" title="http://apps.paloaltonetworks.com/applipedia//"> Application Research Center</A></P><P>But it seems that this apllication doesnt has a their own signature.</P><P></P><P>In my opinion you have to make a port redirection (NAT rule) and security rule that will allow _all_ application, and it you will have estabilised session take a look into Monitor &gt; Traffic - you will see how this traffic is categorised by PAN.</P><P></P><P>Regards</P><P>SLawek</P></BODY></HTML> Wed, 20 Mar 2013 07:45:17 GMT https://live.paloaltonetworks.com/t5/general-topics/ms-direct-access/m-p/40978#M30118 _slv_ 2013-03-20T07:45:17Z https://live.paloaltonetworks.com/t5/general-topics/ms-direct-access/m-p/40979#M30119 <HTML><HEAD></HEAD><BODY><P>According to <A href="http://apps.paloaltonetworks.com/applipedia/" title="http://apps.paloaltonetworks.com/applipedia/"> Application Research Center</A> the appid should be "ipv6":</P><P></P><P>"</P><P>Description</P><P>The technique of encapsulating IPv6 packets within IPv4 so that they can be carried across IPv4 routing infrastructures. While the IPv6 infrastructure is being deployed, the existing IPv4 routing infrastructure can remain functional and can be used to carry IPv6 traffic. Examples of IPv6 tunneling mechanisms are 6in4, 6to4. </P><P>"</P><P></P><P>The 6in4 stuff is the "protocol 41" according to <A class="active_link" href="http://en.wikipedia.org/wiki/6in4" title="http://en.wikipedia.org/wiki/6in4">6in4 - Wikipedia, the free encyclopedia</A></P><P></P><P>Generally speaking if you have setup a "deny + log" rule in the end of your security policy set you should be able to see in the traffic log how the blocked traffic is being identified as.</P></BODY></HTML> Wed, 20 Mar 2013 07:49:41 GMT https://live.paloaltonetworks.com/t5/general-topics/ms-direct-access/m-p/40979#M30119 mikand 2013-03-20T07:49:41Z