https://live.paloaltonetworks.com/t5/general-topics/negate-please/m-p/11671#M8574 <HTML><HEAD></HEAD><BODY><P>Please open a ticket with your 3rd party support. The 3rd party will make a feature request will with concerned sales team..</P></BODY></HTML> Thu, 06 Sep 2012 22:04:45 GMT sdurga 2012-09-06T22:04:45Z https://live.paloaltonetworks.com/t5/general-topics/negate-please/m-p/11668#M8571 <HTML><HEAD></HEAD><BODY><P>I am running PanOS 4.1.7, migrating from a Checkpoint R75 platform.&nbsp;&nbsp; I have a lot of rules in place, but we are heavy into excpetions.&nbsp; I keep running into situations that would be very easy to handle if I simply had the Negate option.</P><P></P><P>For example, I have a rule that allows domain users out to specific web apps using my URL filtering, along with data filtering, and other policies in a single rule.</P><P></P><P>I have around 20 of these rules based on AD user group.</P><P></P><P>Below these rules, I block access to the Internet.&nbsp; If someone fires up a non domain VMware guest and uses a bridged connection, they basically get no Internet access.</P><P></P><P>At the top and then in the middle of these rules, I have application filters blocking apps such as proxy, DNS, video, audio, etc.&nbsp;&nbsp; The location is based on which users can use these apps.</P><P></P><P>The problem is I need to block things like http-audo and http-video, yet exclude specific sites from this blocking for everyone.&nbsp; </P><P></P><P>Life would be a lot easier if I could block using an application filter, while negating my URL custom category of "white listed sites."&nbsp;&nbsp;&nbsp; Or if I could create a rule that blocks by application filter to all users while negating a specific AD user group.</P><P></P><P>I know how to make this work with 4.1.7, I just really would love to see more Negate options in future releases.</P></BODY></HTML> Wed, 29 Aug 2012 21:00:02 GMT https://live.paloaltonetworks.com/t5/general-topics/negate-please/m-p/11668#M8571 EdwinD 2012-08-29T21:00:02Z https://live.paloaltonetworks.com/t5/general-topics/negate-please/m-p/11669#M8572 <HTML><HEAD></HEAD><BODY><P>Feedback of this nature is very important to us.&nbsp; Your feedback is what allows us deliver a stronger product.&nbsp; Have you discussed submitting feature requests of this nature with your Palo Alto Networks SE or Account Team?</P></BODY></HTML> Tue, 04 Sep 2012 23:34:48 GMT https://live.paloaltonetworks.com/t5/general-topics/negate-please/m-p/11669#M8572 bvandivier 2012-09-04T23:34:48Z https://live.paloaltonetworks.com/t5/general-topics/negate-please/m-p/11670#M8573 <HTML><HEAD></HEAD><BODY><P>To be honost, I'm not sure how to do this.&nbsp; I have Palo Alto Networks support through a 3rd party.&nbsp; Is there a formal feature request document, or do I just pass it on through my 3rd party support?</P><P></P><P>Thank you.</P></BODY></HTML> Thu, 06 Sep 2012 21:41:31 GMT https://live.paloaltonetworks.com/t5/general-topics/negate-please/m-p/11670#M8573 EdwinD 2012-09-06T21:41:31Z https://live.paloaltonetworks.com/t5/general-topics/negate-please/m-p/11671#M8574 <HTML><HEAD></HEAD><BODY><P>Please open a ticket with your 3rd party support. The 3rd party will make a feature request will with concerned sales team..</P></BODY></HTML> Thu, 06 Sep 2012 22:04:45 GMT https://live.paloaltonetworks.com/t5/general-topics/negate-please/m-p/11671#M8574 sdurga 2012-09-06T22:04:45Z