11-06-2019 07:08 AM
Hi guys,
I'm using the FW-logs in order to transform the security policies from legacy services towards app-id.
ML logs are onto the system etc.
Analysing rules via: R-click / App-id adoption / retrieve app (slow-fast) works fine.
Fi. Apps Splunk, ms-kms are detected.
When I convert the rule using "App-ID reconciliation / recommended", the service is converted to the detected app-id as-is.
However application dependencies are not taken into account?
fi. Splunk depends on web-browing, sms-kms depends on msrpc-base. This is leading to non-working policies.
I'm using Expedition: 1.1.42 (VM) and 1.1.46.1 (Physical server) both have the same behavior, while I believe this used to work in previous versions?
Thanks a lot,
Filip Elsen
04-08-2020 07:20 AM
Thanks for pointing out that the recommended dependencies were missing in the contextual menu
01-30-2020 07:15 AM
any news on this?
Am I the only one using or experiencing this issue?
... in the meantime I'm running 1.1.53 with the same issue.
Thanks,
Filip
01-30-2020 08:14 AM
A related rule: were app-id adoption is performed
Next: app-id reconciliation:
resulting in following app-id adopted:
But it doesn't take into account dependencies:
As a result the connectivity would break, impact could be generated etc.
Does anyone has this issue?
Thanks,
Filip
02-03-2020 12:35 AM
Would it be possible to share the project with fwmigrate at paloaltnetworks dot com via Project->Settings->Export?
I would like to check if the issue is related to the application database being used in your project, what may not be up-to-date and does not know about the dependencies, or if it is actually an issue related to the code that fails to include the dependencies as well.
Let us know via email, and we will update the results here later on
02-03-2020 07:29 AM
Hi Didac,
Thanks for the feedback.
Mail sent with all details as requested.
Best regards,
Filip Elsen
03-30-2020 03:10 AM
Hi, thanks for updating Expedition.
As shown below, the issue is resolved!!
04-08-2020 07:20 AM
Thanks for pointing out that the recommended dependencies were missing in the contextual menu
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
