https://live.paloaltonetworks.com/t5/general-topics/block-from-old-browser-version/m-p/437694#M97473 <P>Thank you for posting question&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/182013">@holmegan</a></P> <P>&nbsp;</P> <P>If you would like to address an issue with different version of browsers and you are managing those clients, then there might be more elegant solution. For example to use an end point management to address this issue.</P> <P>&nbsp;</P> <P>If you are going to leverage Firewall for this task, then closest match I can think of for your requirement is to create a Custom Application or Vulnerability Signature, then match version in HTTP header, then link it to a policy to block it.</P> <P>&nbsp;</P> <P>Below are examples by using Custom Application as well as Vulnerability Signature:</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEdCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEdCAK</A></P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSOCA0" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSOCA0</A></P> <P>&nbsp;</P> <P>Note: In either case, you will have to enable decryption to get visibility into HTTPS traffic.</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> <P>&nbsp;</P> Thu, 30 Sep 2021 13:03:12 GMT PavelK 2021-09-30T13:03:12Z https://live.paloaltonetworks.com/t5/general-topics/block-from-old-browser-version/m-p/437274#M97472 <P>Hi Community,</P> <P>&nbsp;</P> <P>I work to create a role that should block old browser versions. But I have not found out this special point how you can say from a certain version that these are blocked and only allowed from the safe status.</P> <P>&nbsp;</P> <P>Is there a solution?</P> <P>&nbsp;</P> <P>Many thanks for your help</P> Wed, 29 Sep 2021 08:14:48 GMT https://live.paloaltonetworks.com/t5/general-topics/block-from-old-browser-version/m-p/437274#M97472 holmegan 2021-09-29T08:14:48Z https://live.paloaltonetworks.com/t5/general-topics/block-from-old-browser-version/m-p/437694#M97473 <P>Thank you for posting question&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/182013">@holmegan</a></P> <P>&nbsp;</P> <P>If you would like to address an issue with different version of browsers and you are managing those clients, then there might be more elegant solution. For example to use an end point management to address this issue.</P> <P>&nbsp;</P> <P>If you are going to leverage Firewall for this task, then closest match I can think of for your requirement is to create a Custom Application or Vulnerability Signature, then match version in HTTP header, then link it to a policy to block it.</P> <P>&nbsp;</P> <P>Below are examples by using Custom Application as well as Vulnerability Signature:</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEdCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEdCAK</A></P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSOCA0" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSOCA0</A></P> <P>&nbsp;</P> <P>Note: In either case, you will have to enable decryption to get visibility into HTTPS traffic.</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> <P>&nbsp;</P> Thu, 30 Sep 2021 13:03:12 GMT https://live.paloaltonetworks.com/t5/general-topics/block-from-old-browser-version/m-p/437694#M97473 PavelK 2021-09-30T13:03:12Z