08-16-2014 03:57 AM
Hi Gents,
I would like to configure Palo Alto to block internet access via Opera web browsers, as this browser can bypass my web-filter.
My Palo Alto license is only for Antivirus, Anti-Spyware, and Anti Vulnerability.
Regards,
08-16-2014 04:26 AM
Palo Alto web filtering does not rely on any browser configuration. Instead you would need to place the firewall in the final path that the traffic must cross on the way to the internet. If the traffic crosses the firewall then a web filtering policy can be applied to the appropriate rule for the users.
The browser in use is not relevant, the web browsing traffic will be filtered per the configured rule.
08-18-2014 09:57 AM
There is an app, opera-mini, which will detect the Opera Mini browser. Opera Mini operates by using a proxy server over SSL to retrieve all content. Enabling SSL decryption will break the connection so layer 7 inspection of this traffic is not possible. To block access just create a security policy with the opera-mini application and set the action to deny.
This application also covers the desktop Opera browser when used in the Off-Road mode.
08-19-2014 03:45 AM
Thanks mate, great work.
It works very well.
08-19-2014 05:37 PM
In addition, food for future thought.
When a web browser connects to any website, it sends the browser name and version in the HTTP headers. You may be able to create a custom application which matches on that information and blocks it. You would want to test thoroughly but it may be possible.
You could also use the regex in the DLP engine to attempt this.
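
The header match suggested in the reply above, sketched as an added Python example (not code from the thread or from Palo Alto Networks, and not PAN-OS signature syntax). The labels, function names and sample requests are constructed for illustration; a client can change its User-Agent, and traffic tunneled over SSL to Opera's proxy does not expose this header to the firewall.

```python
import re

# Labels are this example's own; the matched product tokens are the ones
# Opera browsers put in the User-Agent header. Most specific pattern first.
OPERA_PATTERNS = [
    ("opera-mini", re.compile(r"\bOpera Mini/[\d.]+")),
    ("opera-blink", re.compile(r"\bOPR/[\d.]+")),    # Chromium-based Opera 15+
    ("opera-presto", re.compile(r"^Opera/[\d.]+")),  # Opera 12 and earlier
]

def user_agent(raw_request):
    """Return the User-Agent value from a raw HTTP/1.x request head, or None."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user-agent":  # names are case-insensitive
            return value.strip()
    return None

def classify(raw_request):
    """Label a request as an Opera variant, 'other', or 'no-user-agent'."""
    ua = user_agent(raw_request)
    if ua is None:
        return "no-user-agent"
    for label, pattern in OPERA_PATTERNS:
        if pattern.search(ua):
            return label
    return "other"

def request(ua_header):
    """Build a constructed sample request around one header line."""
    return "GET / HTTP/1.1\r\nHost: example.com\r\n" + ua_header + "\r\n\r\n"

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "mini": request("User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/7.1.32052/"
                    "35.3956; U; en) Presto/2.8.119 Version/11.10"),
    "blink": request("user-agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 "
                     "(KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36 "
                     "OPR/23.0.1522.77"),
    "presto": request("User-Agent: Opera/9.80 (Windows NT 6.1) Presto/2.12.388 "
                      "Version/12.17"),
    "chrome": request("User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 "
                      "(KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"),
    "none": request("Accept: */*"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
```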