gmail-base without smtp, pop3, imap applications

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

gmail-base without smtp, pop3, imap applications

L1 Bithead

Hello,

I don't really get the application dependency. I had a case at my customer. They asked me to allow gmail-base application, so I made security policy. But when I committed the settings a popup appeared that told me that additional applications should be allowed.

Like smtp, imap, pop3, ssl. But I don't want to allow them. How can I do this?

thanks

10 REPLIES 10

L1 Bithead

The only way is to paste a Deny rule that drops all smtp, imap, and pop3. Is that right?

Yes you can go ahead and configure a deny rule to drop smtp, imap, and pop3.

You don't need them normally for gmail-base, unless you have a specific requirement.

L7 Applicator

Hello RudTor,

There is different way to access gmail.

1. Through a web-browser.

2. Through imap, smtp, pop3 mail client ( Example-microsoft outlook)

To access through browser, only ssl ( for https://gmail.com --- port 443) and web-browsing ( http://gmail.com----port 80) will be enough as a dependent application. Need not to allow all dependent applications unless you are using it.


Explain your customer, if he only wants to access gmail through a browser, then he can allow SSL and web-browsing application along with gmail-base. He can safely ignore the dependency warning for smtp, pop3 and imap. Smiley Happy

gmail-applepedia.JPG.jpg

Here is an example, while i am accessing https://gmail.com through a browser.

gmail-traffic-log.JPG.jpg

Hope this helps.

Thanks

Hello Hulk,

thank you. But if I make a security policy to allow only web-browsing and ssl, the gmail-base will be dropped. And if I add to this policy gmail-base,  a dependency warning appears by commit.

Hello RudTor,

This is expected. If you make a security policy to allow only web-browsing and ssl, then gmail-base traffic will be dropped. Once you will add Application=gmail-base on that security policy, you can safely ignore the dependency warning for smtp, pop3 and imap.

Thanks

thank you Hulk.

Ok, but after I add the gmail-base application without the other applications smtp, imap, pop3, I will get the warning every time I make the commit ?

Thanks

Hello RudTor


Could you please let me know  the PAN-OS and Application database  version running on your device. I am using PAN OS 6.0.1 and not getting any warning, even if i have only gmail-base and ssl application added into the policy. ( As per my knowledge, 5.0.x onwards the warning message will not appear during commit)


FYI:


test-1.JPG.jpg


Thanks

Hello,

Its PANOS 6.0.1.

paloaltoFW.jpg

paloaltoFW_Warning.jpg

Hulk,

I think that you don't get any warning because of your rule nr.2 where you are allow any to any

Hello RudTor,

I am sorry, in my case there was a any any=Allow policy and that is why it was not showing any warning. Now i am also getting the same warning message.

Thanks

  • 5307 Views
  • 10 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!