https://live.paloaltonetworks.com/t5/general-topics/help-allowing-dll-files-for-vpn-users/m-p/342117#M85779 <P>Hi,</P><P>&nbsp;</P><P>Like everyone, we have a lot of folks working from home. We use a CRM system called Ajeera, and in order to load up the various modules, the client system downloads an app from the server, which includes a .dll file. In the office, it works just fine, over VPN the .dll file is blocked. (It's a "ClickOnce" app, which is a new term to me, but it seems to be relevant)</P><P>&nbsp;</P><P>I'm a little new to the firewall rules game, so I was hoping if someone could tell me if I'm on the right track. The model is PA-220, software is 9.0.9-h1. Nothing overly fancy about the setup.</P><P>&nbsp;</P><P>I created a new security policy, set the source as the server specifically (192.168.x.x./32), destination is VPN zone.</P><P>Added the group profile "internal", which includes the Internal FB security profile, which I see does not block .dll files.</P><P>&nbsp;</P><P>I assume I'll need to position this new policy above the policy that is blocking the .dll files. I've saved the config but not committed it. (Would this sort of change cause a reboot upon committing?)</P><P>&nbsp;</P><P>I'm obviously not looking for, "Hey, nice job, mate! You did it perfectly!" as there's tons of details missing.&nbsp; Just wondering if my logic is sound.&nbsp; Also wondering if committing will cause a reboot, that's not clear to me.</P><P>&nbsp;</P><P>Thanks!</P><P>Mike</P> Wed, 05 Aug 2020 00:18:21 GMT 10Thirteen 2020-08-05T00:18:21Z https://live.paloaltonetworks.com/t5/general-topics/help-allowing-dll-files-for-vpn-users/m-p/342117#M85779 <P>Hi,</P><P>&nbsp;</P><P>Like everyone, we have a lot of folks working from home. We use a CRM system called Ajeera, and in order to load up the various modules, the client system downloads an app from the server, which includes a .dll file. In the office, it works just fine, over VPN the .dll file is blocked. (It's a "ClickOnce" app, which is a new term to me, but it seems to be relevant)</P><P>&nbsp;</P><P>I'm a little new to the firewall rules game, so I was hoping if someone could tell me if I'm on the right track. The model is PA-220, software is 9.0.9-h1. Nothing overly fancy about the setup.</P><P>&nbsp;</P><P>I created a new security policy, set the source as the server specifically (192.168.x.x./32), destination is VPN zone.</P><P>Added the group profile "internal", which includes the Internal FB security profile, which I see does not block .dll files.</P><P>&nbsp;</P><P>I assume I'll need to position this new policy above the policy that is blocking the .dll files. I've saved the config but not committed it. (Would this sort of change cause a reboot upon committing?)</P><P>&nbsp;</P><P>I'm obviously not looking for, "Hey, nice job, mate! You did it perfectly!" as there's tons of details missing.&nbsp; Just wondering if my logic is sound.&nbsp; Also wondering if committing will cause a reboot, that's not clear to me.</P><P>&nbsp;</P><P>Thanks!</P><P>Mike</P> Wed, 05 Aug 2020 00:18:21 GMT https://live.paloaltonetworks.com/t5/general-topics/help-allowing-dll-files-for-vpn-users/m-p/342117#M85779 10Thirteen 2020-08-05T00:18:21Z https://live.paloaltonetworks.com/t5/general-topics/help-allowing-dll-files-for-vpn-users/m-p/342208#M85794 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/151215">@10Thirteen</a> ,</P> <P>&nbsp;</P> <P>Yes that sounds about right.</P> <P>A commit should not trigger a reboot ... that said, I've seen cases where commits disrupted traffic and/or even disconnect VPNs.&nbsp; So you might want to schedule this during a maintenance window.</P> <P>&nbsp;</P> <P>Cheers,</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Wed, 05 Aug 2020 13:56:37 GMT https://live.paloaltonetworks.com/t5/general-topics/help-allowing-dll-files-for-vpn-users/m-p/342208#M85794 kiwi 2020-08-05T13:56:37Z