https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10913#M8047 <HTML><HEAD></HEAD><BODY><P>You could combine your security rule with a URL Filter policy, to only allow access to the webex sites, either through the pre defined category or through a custom URL category.</P></BODY></HTML> Tue, 21 Feb 2012 13:10:07 GMT gafrol 2012-02-21T13:10:07Z https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10912#M8046 <HTML><HEAD></HEAD><BODY><P>Hi all.</P><P>I have a question of application dependency when define a security rule with application. <BR />I’d like to add a security rule for a webex, and webex must requires SSL due to application dependency. <BR />so&nbsp; I add both of applications webex and SSL in a same security rule for allow to webex. </P><P><BR />After added a rule, I can access SSL webex. But other SSL traffic also allows by this webex rule. <BR />Because of this webex rule allows all SSL traffic.</P><P></P><P>I’d like to only allow webex SSL traffic and&nbsp; must need to block SSL traffic excluding SSL of Webex. </P><P>What is the best way to define only Webex SSL traffic?</P></BODY></HTML> Tue, 21 Feb 2012 12:45:49 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10912#M8046 willstech 2012-02-21T12:45:49Z https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10913#M8047 <HTML><HEAD></HEAD><BODY><P>You could combine your security rule with a URL Filter policy, to only allow access to the webex sites, either through the pre defined category or through a custom URL category.</P></BODY></HTML> Tue, 21 Feb 2012 13:10:07 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10913#M8047 gafrol 2012-02-21T13:10:07Z https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10914#M8048 <HTML><HEAD></HEAD><BODY><P>Hoepfully this will be addressed in upcoming versions so you will only need to specify "webex" (in this case) and it will behind the scenes allow SSL but then drop the traffic if it doesnt match webex after the initial ssl handshake.</P></BODY></HTML> Tue, 21 Feb 2012 20:55:04 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10914#M8048 mikand 2012-02-21T20:55:04Z https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10915#M8049 <HTML><HEAD></HEAD><BODY><P>Hi mikand.</P><P>thanks for good information. </P><P></P><P>if you know, could you tell me the more detail regarding of it?</P><P></P><P>for example. </P><P>when and what version will fix this problem? and etc. </P><P></P><P>Thanks.</P></BODY></HTML> Wed, 22 Feb 2012 09:54:25 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10915#M8049 willstech 2012-02-22T09:54:25Z https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10916#M8050 <HTML><HEAD></HEAD><BODY><P>I think its best if one of the PA people in here could answer you on this one.</P><P></P><P>In my case one could call it "rumours says" <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P></P><P>But as I understand it PA is currently working to fix this but dunno when and to what extend this will be addressed (because I guess there might be situations where a "behind the scenes" allow just wont cut it and you need to manually allow the traffic anyway). So just let us keep our fingers crossed <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P></BODY></HTML> Wed, 22 Feb 2012 18:20:08 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10916#M8050 mikand 2012-02-22T18:20:08Z https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10917#M8051 <HTML><HEAD></HEAD><BODY><P>Product Management is working to make the dependencies more intuitive but there is no definite target release that I am aware of. Check with Sales, they deal with future features and enhancements.</P><P></P><P>For now you have two choices.</P><P></P><P>1) Create a policy for all dependencies in one rule but include the destination IP or URL. This has limited success depending on the site, caching proxies and URL redirects</P><P></P><P>2) Create generic Web-browsing and SSL policies that allow this traffic and then create a separate policy for the application in question. Most of these apps start as web-browsing, then add an HTTPS (ssl) authentication aspect and then evolve into the new application.</P><P></P><P>Steve Krall</P></BODY></HTML> Wed, 22 Feb 2012 19:45:50 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10917#M8051 skrall 2012-02-22T19:45:50Z https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10918#M8052 <HTML><HEAD></HEAD><BODY><P>Hi all.</P><P></P><P>Thank for your great information.</P><P></P><P>i hope that PA will has enhanced this issue as quickly as possible.</P><P></P><P>thanks guys.</P></BODY></HTML> Fri, 24 Feb 2012 07:16:44 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-of-application-dependency-for-security-rule/m-p/10918#M8052 willstech 2012-02-24T07:16:44Z