08-06-2019 05:56 AM
Hi
I've been following the instructions here: https://live.paloaltonetworks.com/t5/Blogs/What-are-the-recommended-applications-for-internet-access..., on setting up applications filter for controlling internet access. I've configured the application filter, and applied it to my security policy, but I receive a lot of dependency warnings when I validated the commit.
Is there a better way to deal with the dependencies rather then manually adding them to a application group and applying it to the policy?
08-06-2019 10:24 AM
The validation process is kind of 'dumb' when you split things up into different application groups or different security policies, and there isn't much that you can do about it. Unless you go through and address the validation issues you can't supress them or anything like that, but depending on your security model they can usually be safetly ignored as long as it's simply the validation logic that is causing validation errors to be reported.
PAN-OS 9.0 made some changes so that the validation process becomes a lot more streamlined, but I currently wouldn't recommend you run 9.0 in a production environment unless you absolutely need to for one of the new features it adds.
08-07-2019 09:32 AM - edited 08-07-2019 09:35 AM
Currently only specific "well known" applications handle the dependecies for you. For many you will need to include them in the rule.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
