https://live.paloaltonetworks.com/t5/general-topics/blocking-mac-osx-on-palo-alto/m-p/177419#M55336 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/63814">@imranshahid</a>,</P><P>So you should actually be able to do this perfectly fine through the use of broswer user-id agents and custom vulerability signatures. There's a really handy writeup of doing this for a Windows XP client using user-agent <A href="https://live.paloaltonetworks.com/t5/Configuration-Articles/Custom-vulnerability-signature-for-identifying-Windows-XP/ta-p/65879" target="_blank">here</A>&nbsp;and there is a full list of user agents for OS X maintained <A href="https://developers.whatismybrowser.com/useragents/explore/operating_system_name/mac-os-x/" target="_blank">here</A>&nbsp;</P><P>Setthing the vulnerability siganture default action and severity depending on your vulerability protection profile will reset the traffic, essentially making it so OS X is blocked.&nbsp;</P> Mon, 18 Sep 2017 18:45:48 GMT BPry 2017-09-18T18:45:48Z https://live.paloaltonetworks.com/t5/general-topics/blocking-mac-osx-on-palo-alto/m-p/177392#M55334 <P>Hi All,</P><P>I have a scenario where i would like to block users on the basis of os they are using. Example, if someone is using OSX, they should be blocked. Any suggestions if that can be achieved.</P><P>&nbsp;</P><P>Kind regards</P><P>&nbsp;</P><P>Imran&nbsp;</P><P>Brighton&nbsp;</P><P>UK</P> Mon, 18 Sep 2017 16:29:23 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-mac-osx-on-palo-alto/m-p/177392#M55334 imranshahid 2017-09-18T16:29:23Z https://live.paloaltonetworks.com/t5/general-topics/blocking-mac-osx-on-palo-alto/m-p/177419#M55336 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/63814">@imranshahid</a>,</P><P>So you should actually be able to do this perfectly fine through the use of broswer user-id agents and custom vulerability signatures. There's a really handy writeup of doing this for a Windows XP client using user-agent <A href="https://live.paloaltonetworks.com/t5/Configuration-Articles/Custom-vulnerability-signature-for-identifying-Windows-XP/ta-p/65879" target="_blank">here</A>&nbsp;and there is a full list of user agents for OS X maintained <A href="https://developers.whatismybrowser.com/useragents/explore/operating_system_name/mac-os-x/" target="_blank">here</A>&nbsp;</P><P>Setthing the vulnerability siganture default action and severity depending on your vulerability protection profile will reset the traffic, essentially making it so OS X is blocked.&nbsp;</P> Mon, 18 Sep 2017 18:45:48 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-mac-osx-on-palo-alto/m-p/177419#M55336 BPry 2017-09-18T18:45:48Z https://live.paloaltonetworks.com/t5/general-topics/blocking-mac-osx-on-palo-alto/m-p/177516#M55348 <P>thats why too lenghty and complex process. It there any other way around blocking mac osx.</P><P>&nbsp;</P> Tue, 19 Sep 2017 07:57:45 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-mac-osx-on-palo-alto/m-p/177516#M55348 imranshahid 2017-09-19T07:57:45Z https://live.paloaltonetworks.com/t5/general-topics/blocking-mac-osx-on-palo-alto/m-p/177522#M55349 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/63814">@imranshahid</a>,</P> <P>&nbsp;</P> <P>You can enforce HIP checks (host information profile). &nbsp;HIP can check on OS version and enforce policy .</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><A href="https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/globalprotect/objects-globalprotect-hip-objects" target="_blank">https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/globalprotect/objects-globalprotect-hip-objects</A></P> <P>&nbsp;</P> <P>However, if you found the previous suggestion&nbsp;too complex/lengthy then I doubt you will like this solution.</P> <P>&nbsp;</P> <P>Cheers !</P> <P>-Kiwi.</P> Tue, 19 Sep 2017 08:40:47 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-mac-osx-on-palo-alto/m-p/177522#M55349 kiwi 2017-09-19T08:40:47Z