https://live.paloaltonetworks.com/t5/general-topics/security-rules-when-isp-is-caching/m-p/5678#M4157 <HTML><HEAD></HEAD><BODY><P>Hello, </P><P></P><P>I am not sure if i understanding your questions correctly. </P><P>However if you are trying to block certain type of traffic why would you do it in a traditional manner of blocking it based on IP. Rather you should be taking advantage of the AppID and block it based on the application name. <BR />Doing this you will not have to worry about keeping track of what IP is cached and what IP you need to block. Hope this help in blocking the desired traffic. <BR />Thank you</P><P>Numan</P></BODY></HTML> Fri, 21 Feb 2014 23:03:22 GMT mbutt 2014-02-21T23:03:22Z https://live.paloaltonetworks.com/t5/general-topics/security-rules-when-isp-is-caching/m-p/5677#M4156 <HTML><HEAD></HEAD><BODY><P>In looking at outbound traffic I can see quite a bit to a network range owned by my ISP. I'm guessing that it's a cache. The application traffic seems to be what one would expect to be efficiently cached (ms-update, symantec-av-update, http-video, etc).</P><P></P><P>How do you write rules for that? Or is it that, say, Microsoft is taking an ms-update request and pointing the connection to the cache (based on my IP)?</P></BODY></HTML> Wed, 19 Feb 2014 17:35:10 GMT https://live.paloaltonetworks.com/t5/general-topics/security-rules-when-isp-is-caching/m-p/5677#M4156 MCmgt 2014-02-19T17:35:10Z https://live.paloaltonetworks.com/t5/general-topics/security-rules-when-isp-is-caching/m-p/5678#M4157 <HTML><HEAD></HEAD><BODY><P>Hello, </P><P></P><P>I am not sure if i understanding your questions correctly. </P><P>However if you are trying to block certain type of traffic why would you do it in a traditional manner of blocking it based on IP. Rather you should be taking advantage of the AppID and block it based on the application name. <BR />Doing this you will not have to worry about keeping track of what IP is cached and what IP you need to block. Hope this help in blocking the desired traffic. <BR />Thank you</P><P>Numan</P></BODY></HTML> Fri, 21 Feb 2014 23:03:22 GMT https://live.paloaltonetworks.com/t5/general-topics/security-rules-when-isp-is-caching/m-p/5678#M4157 mbutt 2014-02-21T23:03:22Z https://live.paloaltonetworks.com/t5/general-topics/security-rules-when-isp-is-caching/m-p/5679#M4158 <HTML><HEAD></HEAD><BODY><P>From the point of view of security, you may have two types of rules. </P><P></P><P>If you are trusting the ip range because this is your selected ISP and you trust what they choose to source from this range.&nbsp; Then write a traditional ip address based allow rule from your network.</P><P></P><P>If you are allowing the listed applications, then you create an application based allow rule to any ip address and permit the traffic.</P></BODY></HTML> Sat, 22 Feb 2014 15:58:37 GMT https://live.paloaltonetworks.com/t5/general-topics/security-rules-when-isp-is-caching/m-p/5679#M4158 pulukas 2014-02-22T15:58:37Z https://live.paloaltonetworks.com/t5/general-topics/security-rules-when-isp-is-caching/m-p/5680#M4159 <HTML><HEAD></HEAD><BODY><P>I'd like to tightly secure the outbound traffic I'm talking about. I'd rather not use <EM>just</EM> IP or <EM>just</EM> Application. I'd like to use both. A sample use case:</P><P></P><P>Some McAfee EPO traffic is being served from the cache. It is classified as web-browsing. I'd like to prevent general web browsing from that EPO server.</P></BODY></HTML> Tue, 25 Feb 2014 14:12:42 GMT https://live.paloaltonetworks.com/t5/general-topics/security-rules-when-isp-is-caching/m-p/5680#M4159 MCmgt 2014-02-25T14:12:42Z https://live.paloaltonetworks.com/t5/general-topics/security-rules-when-isp-is-caching/m-p/5681#M4160 <HTML><HEAD></HEAD><BODY><P>In order to do that you will have to create a custom application.Below docs can shows two different ways you can do it</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-1071">How to Create an Application Override Policy</A></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-2015">Custom Application Signatures</A></P><P></P><P>Hope this helps you resolve the issue.</P><P><BR />Thank you</P><P>Numan&nbsp; </P></BODY></HTML> Wed, 26 Feb 2014 21:00:07 GMT https://live.paloaltonetworks.com/t5/general-topics/security-rules-when-isp-is-caching/m-p/5681#M4160 mbutt 2014-02-26T21:00:07Z