block flash

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

block flash

Not applicable

Hi

When I "deny" application "flash" - flash is not blocked, do I have it all wrong or?

Thanks

16 REPLIES 16

L4 Transporter

Hi,

May I know how you test the flash blocking? Have you seen the traffic log showing flash as the app? If yes, what is action shown for flash?

Regards,

Jones

http://www.dr.dk -> contains a lot of flash objects, and none of those get blocked when I deny "flash" in the policies.

Traffic looks like "web-browsing" and no flash, but maybe this is not possible at all?

Thanks

What PANOS and App-Version are you running?

I am running 4.1.0

Thanks

Thanks but what app-version is running on your Palo Alto?

Just ran the test on my end and I see that I'm blocking flash on that site previously mentioned.

802     flash          DISCARD FLOW  NS   192.168.85.134[4960]/L3-Trust/6  (10.30.6.85[10147])vsys1                                     195.137.194.128[80]/L3-Untrust  (195.137.194.128[80])

Running 4.1 and app-version 274. Here's my top deny rule for the app which is followed by allow policy.

rkalugdan@lab-85-PA2050> show running security-policy
rule1 {        from L3-Trust;        source any;        source-region any;        to L3-Untrust;        destination any;        destination-region any;        user any;        category any;        application/service flash/any/any/any;        action deny;}

Src_NAT {        from L3-Trust;        source any;        source-region any;        to L3-Untrust;        destination any;        destination-region any;        user any;        category any;        application/service any/any/any/any;        action allow;

Is this what you are looking for

panupv2-all-contents-274-1169
panup-all-antivirus-607-821

Thanks

I was able to block flash per my previous comment and we're running the same content and panos version. I'd recommend calling Support or your Reseller to investigate as to why you're unable to block flash. Need to debug a littlte further.

I just inserted this top-rule

rule1 {
        from trust-dev;
        source any;
        source-region any;
        to untrust;
        destination any;
        destination-region any;
        user any;
        category any;
        application/service flash/any/any/any;
        action deny;
}

rule4 {
        from trust-dev;
        source any;
        source-region any;
        to untrust;
        destination any;
        destination-region any;
        user any;
        category any;
        application/service any/any/any/any;
        action allow;
}

Or is my order wrong? - because flash objects is still shows on http://www.dr.dk

Thanks

are you not seeing any flash sessions being discarded when you generate the traffic?

I only see "rule4" allow "web-browsing" for that site - nothing blocked (is my rules ok or?)

Thanks

Try this site.

http://waterlife.nfb.ca/

that seems blocked, but http://www.dr.dk still shows flash i crome, in IE it seems to be blocked.

can u try http://www.dr.dk in crome? and where can I see what is blocked?

I'm able to block flash content on FF, Chrome and IE for that site in question

  • 6729 Views
  • 16 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!