This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

block flash

cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

block flash

felixn
Not applicable

‎11-03-2011 03:33 PM

Hi

When I "deny" application "flash" - flash is not blocked, do I have it all wrong or?

Thanks

0 Likes Likes
16 REPLIES 16

jleung
L4 Transporter

‎11-04-2011 09:53 AM

Hi,

May I know how you test the flash blocking? Have you seen the traffic log showing flash as the app? If yes, what is action shown for flash?

Regards,

Jones

0 Likes Likes

FlexyZ
L3 Networker
In response to jleung

‎11-08-2011 12:42 AM

http://www.dr.dk -> contains a lot of flash objects, and none of those get blocked when I deny "flash" in the policies.

Traffic looks like "web-browsing" and no flash, but maybe this is not possible at all?

Thanks

0 Likes Likes

gswcowboy
L6 Presenter
In response to FlexyZ

‎11-08-2011 01:45 AM

What PANOS and App-Version are you running?

0 Likes Likes

FlexyZ
L3 Networker
In response to gswcowboy

‎11-08-2011 01:58 AM

I am running 4.1.0

Thanks

0 Likes Likes

gswcowboy
L6 Presenter
In response to FlexyZ

‎11-08-2011 02:00 AM

Thanks but what app-version is running on your Palo Alto?

0 Likes Likes

gswcowboy
L6 Presenter
In response to gswcowboy

‎11-08-2011 02:11 AM

Just ran the test on my end and I see that I'm blocking flash on that site previously mentioned.

802     flash          DISCARD FLOW  NS   192.168.85.134[4960]/L3-Trust/6  (10.30.6.85[10147])vsys1                                     195.137.194.128[80]/L3-Untrust  (195.137.194.128[80])

Running 4.1 and app-version 274. Here's my top deny rule for the app which is followed by allow policy.

rkalugdan@lab-85-PA2050> show running security-policy
rule1 {        from L3-Trust;        source any;        source-region any;        to L3-Untrust;        destination any;        destination-region any;        user any;        category any;        application/service flash/any/any/any;        action deny;}

Src_NAT {        from L3-Trust;        source any;        source-region any;        to L3-Untrust;        destination any;        destination-region any;        user any;        category any;        application/service any/any/any/any;        action allow;

0 Likes Likes

FlexyZ
L3 Networker
In response to gswcowboy

‎11-08-2011 02:14 AM

Is this what you are looking for

panupv2-all-contents-274-1169
panup-all-antivirus-607-821

Thanks

0 Likes Likes

gswcowboy
L6 Presenter
In response to FlexyZ

‎11-08-2011 02:19 AM

I was able to block flash per my previous comment and we're running the same content and panos version. I'd recommend calling Support or your Reseller to investigate as to why you're unable to block flash. Need to debug a littlte further.

0 Likes Likes

FlexyZ
L3 Networker
In response to FlexyZ

‎11-08-2011 02:25 AM

I just inserted this top-rule

rule1 {
        from trust-dev;
        source any;
        source-region any;
        to untrust;
        destination any;
        destination-region any;
        user any;
        category any;
        application/service flash/any/any/any;
        action deny;
}

rule4 {
        from trust-dev;
        source any;
        source-region any;
        to untrust;
        destination any;
        destination-region any;
        user any;
        category any;
        application/service any/any/any/any;
        action allow;
}

Or is my order wrong? - because flash objects is still shows on http://www.dr.dk

Thanks

0 Likes Likes

gswcowboy
L6 Presenter
In response to FlexyZ

‎11-08-2011 02:31 AM

are you not seeing any flash sessions being discarded when you generate the traffic?

0 Likes Likes

FlexyZ
L3 Networker
In response to gswcowboy

‎11-08-2011 02:39 AM

I only see "rule4" allow "web-browsing" for that site - nothing blocked (is my rules ok or?)

Thanks

0 Likes Likes

FlexyZ
L3 Networker
In response to gswcowboy

‎11-08-2011 03:04 AM

that seems blocked, but http://www.dr.dk still shows flash i crome, in IE it seems to be blocked.

can u try http://www.dr.dk in crome? and where can I see what is blocked?

0 Likes Likes

gswcowboy
L6 Presenter
In response to FlexyZ

‎11-08-2011 03:13 AM

I'm able to block flash content on FF, Chrome and IE for that site in question

0 Likes Likes
  • 6192 Views
  • 16 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks