my customer have some of this requirments, can palo alto do this stuff:
1.can palo alto block specific user in social media like facebook. example: block user name contains john? or block twitter user?
2. Block google ads?
3. Block specific youtube channel, example: block youtube channel based on parameter Age-restricted content? or block porn video on tumblr?
4. block upload video on youtube with name contain "SEX"
5.Block downlod spesific apps on Apps Store & google play?
1. You can permit/deny social media for specific users. Also using data filtering capability you can use regex pattern and if this is found in the flow then session is killed.
2. Check web-advertisement URL category. Why just Google Ads?
3. Check Safe Search capabilities https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/url-filtering/safe-search-enforcemen...
4. Regex pattern has to be at least 7 byte string so 7 characters. Just 3 characters is not enough.
5. Palo Alto had MDM for this purpouse that is end of life. Check AirWatch http://www.vmware.com/products/enterprise-mobility-management.html
1) Yes, depending on your use case it may be easy to set a block rule for everyone and then above that create an allow rule for specific users.
2) You can block ads and attempt to locate google ads urls or IP addresses to block just them, but generally you would just block ads all together.
3) Not really all that possible, more of a Grou Policy or DNS thing than anything that you would do with a firewall.
4) Like already stated you would need to match a Regex to do this, and since it needs at least 7 characters to match (because smaller would cause false positives) you couldn't do it that specifically.
5) More of a thing for an MDM, you could potentially do a URL filtering policy and explicity block their store pages but this would be highly involved and would likely change often.
It really sounds like your clients are looking to do things with a firwall that is far more closely related to establishing proper Group Policy and other solutions. The old 'use the right tool for the job' would fit in here. Hypothetically you CAN do most of these things if your willing to spend a lot of time doing it and maintaning it, but it really is more of a group policy and human resource issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!