04-18-2021 09:47 AM
I am trying to set up prelogon and have a question about the sec policies described in Step 2 of this guide: https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-quick-configs/...
I assume the source zone would be VPN (applied to tunnel) and the destination zone is Trusted (internal) - correct?
Then for permitted applications I added AD, DHCP, DNS and ms-update. The right column notes dependencies. But I believe that when you add the application, those dependencies are automatically added - correct? I don't need to add those manually. Does this look like all I'd need for the prelogon security policy?
04-19-2021 10:50 PM
Some applications are implicitly added, but some need to be explicitly added. Please check:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAK
When you commit, the Palo Alto will tell you, so no worry; you will know if something needs to be explicitly added if you just pay attention.
04-20-2021 09:34 AM
The firewall is only going to list app-ids that are dependent on other app-ids being allowed, and not what they implicitly use. You can go through Applipedia and do some validation checks, but generally speaking you'll need to ensure that those dependent app-ids are allowed to ensure the traffic works as intended.