Application dependency Warning

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L4 Transporter

Application dependency Warning

Hello,

 

We implemented the blocking policy for the custom URL categories however now once committed we receive commit warning like the following:

 

Application 'dropbox-base' requires 'web-browsing' be allowed, but 'web-browsing' is denied in Rule 'outbound-advertisement-block'

Application 'google-drive-web' requires 'google-base' be allowed, but 'google-base' is denied in Rule 'outbound-advertisement-block'

 

The policies for Dropbox and Google drive are policy 14 and 19, and the advertisement block is 53.

 

Why would the allow policies above the deny policy be generating warning?

 

We have other deny policies and they do not generate the warning messages.

 

It’s just that we can’t really have the following showing every time we commit a change. It will blind us to actual issues...?

 

vsys1: Rule 'outbound ms-update' application dependency warning:

Application 'ms-update' requires 'ssl' be allowed

vsys1: Rule 'outbound_dropbox' application dependency warning:

Application 'dropbox-base' requires 'web-browsing' be allowed, but 'web-browsing' is denied in Rule 'outbound-advertisement-block'

Application 'dropbox-uploading' requires 'ssl' be allowed, but 'ssl' is denied in Rule 'outbound-advertisement-block'

Application 'dropbox-paper' requires 'ssl' be allowed, but 'ssl' is denied in Rule 'outbound-advertisement-block'

Application 'dropbox-paper' requires 'web-browsing' be allowed, but 'web-browsing' is denied in Rule 'outbound-advertisement-block'

Application 'dropbox-downloading' requires 'ssl' be allowed, but 'ssl' is denied in Rule 'outbound-advertisement-block'

Application 'dropbox-sharing' requires 'ssl' be allowed, but 'ssl' is denied in Rule 'outbound-advertisement-block'

Application 'dropbox-editing' requires 'ssl' be allowed, but 'ssl' is denied in Rule 'outbound-advertisement-block'

Application 'dropbox-posting' requires 'ssl' be allowed, but 'ssl' is denied in Rule 'outbound-advertisement-block'

vsys1: Rule 'Google Drive Access' application dependency warning:

Application 'google-drive-web' requires 'google-base' be allowed, but 'google-base' is denied in Rule 'outbound-advertisement-block'

Application 'google-drive-web' requires 'google-docs-base' be allowed, but 'google-docs-base' is denied in Rule 'outbound-advertisement-block'

Application 'google-drive-web' requires 'google-docs-editing' be allowed, but 'google-docs-editing' is denied in Rule 'outbound-advertisement-block'

Application 'google-drive-web' requires 'google-docs-uploading' be allowed, but 'google-docs-uploading' is denied in Rule 'outbound-advertisement-block'

vsys1: Rule 'Video Streaming RTMP Pull' application dependency warning:

Application 'rtmpt' requires 'web-browsing' be allowed, but 'web-browsing' is denied in Rule 'outbound-advertisement-block'

(Module: device)

 

Thanks in advance.


Accepted Solutions
Highlighted
L7 Applicator

did you create the 'outbound-advertisement-block' policy so the custom category is in the service/url category tab?

you could also block this category in a url filtering profile, which would make it possible for you to have an allow policy for web-browsing and ssl

alternatively you could set the applications for your block rule to 'any' 

 

the google drive and dropbox policies are generating warnings because they need a functioning web-browsing/ssl policy as these apps depend on having access to these before theyre able to be identified. 

Tom Piens - PANgurus.com
New to PAN-OS or getting ready to take the PCNSE? check out amazon.com/dp/1789956374

View solution in original post


All Replies
Highlighted
L7 Applicator

did you create the 'outbound-advertisement-block' policy so the custom category is in the service/url category tab?

you could also block this category in a url filtering profile, which would make it possible for you to have an allow policy for web-browsing and ssl

alternatively you could set the applications for your block rule to 'any' 

 

the google drive and dropbox policies are generating warnings because they need a functioning web-browsing/ssl policy as these apps depend on having access to these before theyre able to be identified. 

Tom Piens - PANgurus.com
New to PAN-OS or getting ready to take the PCNSE? check out amazon.com/dp/1789956374

View solution in original post

Highlighted
Cyber Elite

Hello @Farzana,

I get a ton of these as well. It seems that unless the dependencies are in the same policy, it will throw the warnings. I havent found a good way around it and honestly just treat it as a norm :(.

 

Regards,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!