Application Filters and dependencies - General Internet Use

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Application Filters and dependencies - General Internet Use

L0 Member

Hi

 

I've been following the instructions here: https://live.paloaltonetworks.com/t5/Blogs/What-are-the-recommended-applications-for-internet-access..., on setting up applications filter for controlling internet access. I've configured the application filter, and applied it to my security policy, but I receive a lot of dependency warnings when I validated the commit.

 

Is there a better way to deal with the dependencies rather then manually adding them to a application group and applying it to the policy?

 

 

 

 

2 REPLIES 2

Cyber Elite
Cyber Elite

@KarlVallis,

The validation process is kind of 'dumb' when you split things up into different application groups or different security policies, and there isn't much that you can do about it. Unless you go through and address the validation issues you can't supress them or anything like that, but depending on your security model they can usually be safetly ignored as long as it's simply the validation logic that is causing validation errors to be reported. 

PAN-OS 9.0 made some changes so that the validation process becomes a lot more streamlined, but I currently wouldn't recommend you run 9.0 in a production environment unless you absolutely need to for one of the new features it adds. 

Currently only specific "well known" applications handle the dependecies for you.  For many you will need to include them in the rule.

  • 3327 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!