https://live.paloaltonetworks.com/t5/general-topics/overcoming-an-application-filter-and-url-groups/m-p/41683#M30667 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply, I guess the bottom lien is tune, tune, tune.&nbsp; It is a different way of thinking than a typical firewall.</P><P></P><P>I was also thinking of customizing the risk ratings on the apps down to a lower level, then filter all apps with "risk 5" but am not sure if the customized risk rating would be reset during a future update.</P><P></P><P>Bob</P></BODY></HTML> Thu, 19 Apr 2012 02:15:04 GMT BobW 2012-04-19T02:15:04Z https://live.paloaltonetworks.com/t5/general-topics/overcoming-an-application-filter-and-url-groups/m-p/41681#M30665 <HTML><HEAD></HEAD><BODY><P>This example is fictitious, but you will get the idea.</P><P></P><P>I would like to use an application filter to block all "peer to peer".&nbsp; So I create the necessary filter.&nbsp; Then I determine that I want to allow one of the items which is defined in the "peer to peer" filter.&nbsp; Is there some way to overcome/remove the app from the filter?</P><P></P><P>I hope there is, otherwise I am afraid the filter process might not be very helpful.</P><P></P><P>While we're at it...How about overcoming URL groups?&nbsp; Example is I woudl like to allow some of the items in the social networking group but block all Chatroullette type sites.</P><P></P><P>Thanks,</P><P>Bob</P></BODY></HTML> Wed, 18 Apr 2012 03:37:24 GMT https://live.paloaltonetworks.com/t5/general-topics/overcoming-an-application-filter-and-url-groups/m-p/41681#M30665 BobW 2012-04-18T03:37:24Z https://live.paloaltonetworks.com/t5/general-topics/overcoming-an-application-filter-and-url-groups/m-p/41682#M30666 <HTML><HEAD></HEAD><BODY><P>The tricky part is when one object belongs to two groups or more at the same time.</P><P></P><P>I would then recommend to use the following setup:</P><P></P><P>1) Blacklist.</P><P></P><P>2) Whitelist.</P><P></P><P>3) Default deny (+ log on session end).</P><P></P><P>For example if one URL belongs to both "malware sites" and "travel sites" at the same time (and malware is blacklisted and travel is whitelisted).</P><P></P><P>In your case I think you can solve your problem by doing this:</P><P></P><P>1) Allow specific app.</P><P></P><P>2) Deny application-filter peer-to-peer.</P><P></P><P>3) Other rules...</P><P></P><P>4) Default deny (+ log on session end).</P><P></P><P>The tricky part is if the app you wish to allow also have a dependency to a much wider app such as web-browsing or unknown in case one of these is part of the applications you wish to block (or not allow).</P></BODY></HTML> Wed, 18 Apr 2012 05:41:58 GMT https://live.paloaltonetworks.com/t5/general-topics/overcoming-an-application-filter-and-url-groups/m-p/41682#M30666 mikand 2012-04-18T05:41:58Z https://live.paloaltonetworks.com/t5/general-topics/overcoming-an-application-filter-and-url-groups/m-p/41683#M30667 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply, I guess the bottom lien is tune, tune, tune.&nbsp; It is a different way of thinking than a typical firewall.</P><P></P><P>I was also thinking of customizing the risk ratings on the apps down to a lower level, then filter all apps with "risk 5" but am not sure if the customized risk rating would be reset during a future update.</P><P></P><P>Bob</P></BODY></HTML> Thu, 19 Apr 2012 02:15:04 GMT https://live.paloaltonetworks.com/t5/general-topics/overcoming-an-application-filter-and-url-groups/m-p/41683#M30667 BobW 2012-04-19T02:15:04Z