02-29-2012 07:35 AM
Hello,
Sorry, but I have implemented a brand new PAN solution with URL cat and AV license.
All configuration works fine. I have a visitor zone on a DMZ and I want them to access the Internet but with my URL categorisation, so I can't let them use remote access applications.
I have implemented a rulebase with
[...]
Name "Rule 30"
Src Zone "DMZ"
Src "DmzUserNetwork-1" & "DmzUserNetwork-2"
Dst Zone "Internet"
Dst "Any"
Application: "Logmein" & "tcp-over-dns" & application group "peer-to-peer" => App-group has all filtered apps with category p2p
Profile "None"
Action Drop
Name "Rule 50"
Src Zone "DMZ"
Src "DmzUserNetwork-2"
Dst Zone "Internet"
Dst "Any"
Application "Any"
Profile "Service Group MyProtectedPol" (=> AV, Url-cat, and Malware rules)
Action Allow
[...]
The point is that from a device connected in DmzUserNetwork-2, when I try to connect the web browser to the logmein service, PAN Monitor shows me an allowed connection based on rule 50. Rule 30 is enabled and placed before Rule 50. It seems that the firewall doesn't apply the deny rule. Note that I have already committed the config and saved.
Do you have any suggestions?
Thanks, BR.
03-01-2012 02:10 AM
Hello Team,
Seems that upgrade from 4.1.1 to 4.1.3 resolved the case.
No changes on the rulebase. But now, the Ref "Rule 30" drop rule is correctly interpreted and logmein traffic is dropped.
BR,
David
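Added example, not part of the thread and not PAN-OS code: a small first-match model of the two rules quoted above, used to audit traffic-log records and flag sessions where the logged rule differs from the rule that should have matched (the symptom reported here). The CIDRs, the app-group membership and the log records are constructed, and the model assumes the application is already identified when the rulebase is evaluated.

```python
import ipaddress

# Address objects: names are from the post, CIDRs are constructed placeholders.
ADDRESS_OBJECTS = {
    "DmzUserNetwork-1": ipaddress.ip_network("192.0.2.0/25"),
    "DmzUserNetwork-2": ipaddress.ip_network("192.0.2.128/25"),
}
# Application group: name from the post, membership is a constructed sample.
APP_GROUPS = {"peer-to-peer": {"bittorrent"}}

# Rules as described in the post, in rulebase order (top first).
RULEBASE = [
    {"name": "Rule 30", "src_zone": "DMZ", "src": ["DmzUserNetwork-1", "DmzUserNetwork-2"],
     "dst_zone": "Internet", "apps": ["logmein", "tcp-over-dns", "peer-to-peer"], "action": "drop"},
    {"name": "Rule 50", "src_zone": "DMZ", "src": ["DmzUserNetwork-2"],
     "dst_zone": "Internet", "apps": ["any"], "action": "allow"},
]

def _app_matches(rule_apps, app):
    """True if app is listed directly, via an app group, or the rule says any."""
    return any(e == "any" or e == app or app in APP_GROUPS.get(e, ()) for e in rule_apps)

def expected_rule(src_zone, src_ip, dst_zone, app):
    """Return (rule name, action) of the first rule matching the session."""
    ip = ipaddress.ip_address(src_ip)
    for rule in RULEBASE:
        if (rule["src_zone"] == src_zone and rule["dst_zone"] == dst_zone
                and any(ip in ADDRESS_OBJECTS[o] for o in rule["src"])
                and _app_matches(rule["apps"], app)):
            return rule["name"], rule["action"]
    return None, "drop"  # assumption: a session matching no rule is dropped

def audit(log_records):
    """Return records whose logged rule/action differ from the first-match result."""
    mismatches = []
    for rec in log_records:
        want = expected_rule(rec["src_zone"], rec["src_ip"], rec["dst_zone"], rec["app"])
        if want != (rec["rule"], rec["action"]):
            mismatches.append({**rec, "expected": want})
    return mismatches

# Constructed log records: the first reproduces the behaviour reported in the post.
SAMPLE_LOG = [
    {"src_zone": "DMZ", "src_ip": "192.0.2.130", "dst_zone": "Internet",
     "app": "logmein", "rule": "Rule 50", "action": "allow"},
    {"src_zone": "DMZ", "src_ip": "192.0.2.131", "dst_zone": "Internet",
     "app": "web-browsing", "rule": "Rule 50", "action": "allow"},
]

if __name__ == "__main__":
    for m in audit(SAMPLE_LOG):
        print(m)
```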