I don't really get the application dependency. I had a case at my customer. They asked me to allow the gmail-base application, so I made a security policy. But when I committed the settings, a popup appeared that told me that additional applications should be allowed.
Like smtp, imap, pop3, ssl. But I don't want to allow them. How can I do this?
Yes, you can go ahead and configure a deny rule to drop smtp, imap, and pop3.
You don't need them normally for gmail-base, unless you have a specific requirement.
There are different ways to access gmail.
1. Through a web-browser.
2. Through an imap, smtp, pop3 mail client (example: Microsoft Outlook)
To access through a browser, only ssl (for https://gmail.com, port 443) and web-browsing (for http://gmail.com, port 80) will be enough as dependent applications. You need not allow all dependent applications unless you are using them.
Explain to your customer that if he only wants to access gmail through a browser, then he can allow the SSL and web-browsing applications along with gmail-base. He can safely ignore the dependency warning for smtp, pop3 and imap.
Here is an example, while I am accessing https://gmail.com through a browser.
Hope this helps.
Thank you. But if I make a security policy to allow only web-browsing and ssl, gmail-base will be dropped. And if I add gmail-base to this policy, a dependency warning appears on commit.
This is expected. If you make a security policy to allow only web-browsing and ssl, then gmail-base traffic will be dropped. Once you add Application=gmail-base to that security policy, you can safely ignore the dependency warning for smtp, pop3 and imap.
Thank you, Hulk.
Ok, but after I add the gmail-base application without the other applications smtp, imap, pop3, will I get the warning every time I make the commit?
Could you please let me know the PAN-OS and Application database version running on your device? I am using PAN-OS 6.0.1 and not getting any warning, even if I have only the gmail-base and ssl applications added to the policy. (As per my knowledge, from 5.0.x onwards the warning message will not appear during commit.)