topic Identifying iPad App Traffic in General Topics

Identifying iPad App Traffic

DariusvanWijk — Tue, 11 Feb 2020 10:01:06 GMT

Greetings

I have a PA-220 Running Version 8.1.9-h4

Current problem is that some teachers use iPads and some of them use an app called SEESAW.

The app loads fine on the iPad but seem to be blocked from the cloud resources it should have access to.

Using it on Mobile data everything loads fine.

Using it through the Firewall I eventually get a message "Can't Connect to Server" "Retry"

I have gone to the Monitor tab and using the iPad's IP have checked

>Traffic
>Threat
>URL Filtering
as well as a few others.
nothing is coming up as Blocked everything seems to be allowed.

I cannot work out what or where the traffic is being blocked.

Any Advice or hints are appreciated.

Re: Identifying iPad App Traffic

SutareMayur — Tue, 11 Feb 2020 10:08:12 GMT

@DariusvanWijk,

If security policy is application specific, please check if any dependent app is not allowed in the policy. If this is not the case,

take one system in the same subnet which belongs to iPAD and try traceroute to the destination IP addresses seen in traffic logs and check if it passes firewall.

-Mayur

Re: Identifying iPad App Traffic

DariusvanWijk — Tue, 11 Feb 2020 11:04:16 GMT

@SutareMayur

Do you mean that i should go to Objects > Applications and add SEESAW to the allowed application list?
If so then i cannot as PALO does have a SEESAW application listed as an option.

I also checked here https://applipedia.paloaltonetworks.com/

Re: Identifying iPad App Traffic

SutareMayur — Tue, 11 Feb 2020 11:18:09 GMT

@DariusvanWijk ,

I mean what type of security policy u have written for allowing traffic?? is it application based or service based??

Mayur

Re: Identifying iPad App Traffic

DariusvanWijk — Tue, 11 Feb 2020 11:42:46 GMT

@SutareMayur

There are a list off applications that are allowed, Under objects > Application groups that the iPads are allowed to use and then under Objects > URL Filtering there the URL Categories that are blocked or allowed.

Re: Identifying iPad App Traffic

SutareMayur — Wed, 12 Feb 2020 02:58:22 GMT

@DariusvanWijk,

There are certain applications which are dependent on some other applications. If dependent apps are not allowed in the policy, it never works as per our expectations.

e.g. If you want to allow traceroute app in the policy, you need to allow ICMP and Ping also in order to work it properly. Dependency can be checked under each application details on firewall.

- Mayur

Re: Identifying iPad App Traffic

DariusvanWijk — Wed, 12 Feb 2020 06:35:33 GMT

@SutareMayur

Morning.
I get what you are saying about the dependencies.

But i don't know what SEESAW needs.

SEESAW is not listed as an application (like Netflix is) in the Palo software.
https://applipedia.paloaltonetworks.com/

So if SEESAW as an application in the Palo is actually SAWSEE, i don't know how to work that out to allow it.

basically how do i work out if it has different name, or why the traffic is not allowed.

Edit: I just got told it worked on Friday last week. (and i have not made change to the firewall between then and now)