Today I have to add MS Lync to be allowed from VPN. Sound simple.
So I add to security rule ms-lync
but during commit I get warnings:
ok, I added ms-lync-online but I get another warning:
DO I really need to add every particular aplication by hands?
We pay for support and expect easy to use PAN.
Second problem is that I alredy have few security policies that have a list to aplications (from dependencies) that takes a half of my laptop screen.
Why te aplication column show every plaication that is on the list, why after ie. 3 of it doesn't show "...." or "+" that after click will show complete list of aplication?
Please give me advice how to manage this problem
Sorry for my bad english.
With recent versions (don't know exactly when it was introduced) the dependencies are added automatically, but stay hidden.
In my experience you'll probably have to add generic dependencies (web-browsing, ssl). Otherwise there's no traffic to inspect, so app-id will not recognize a particular app.
we also have this messages after commits. But, you can ignore them. Lync is also firewalled in our environment and the dependency are really huge... all dependencies are not required!
We are really just allowing what is required and do ignore the messages...
So, don't worry - Dependency is a never ending story
I feel like the rule interface could be leveraged better to support Applications/Dependencies. If there were an icon in each rule's Applications list that could pop up a new window showing dependencies for the included Applications, then a quick 'add all dependencies' button could be provided and perhaps an 'ignore dependency warnings for this rule' button. The problem with 'just ignoring them' is problematic when the results window becomes dozens or hundreds of lines of these warnings. It is too easy to miss something important.
I don't agree with You. According to applipedia my policy should like:
and I have exactly this aplication in policy, but every commit it complaining about next aplication that's are needed by dependencies. This makes a lot of confusion.
As a Hithead wrote - with thouse 5 aplication MS lync working properly - so why PAN asking for more? maybe this is an issiue?
PA technicians - could you explain us?
Like Frank wrote - we can't ignore every message (but we will do when we have in many policies dependencies twhich have not been met) during commit. There is a lot of usefull information.
Could someone who is using beta of PAN 6.0 could confirm that in 6.x it will be better solved?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!