05-07-2017 05:09 PM
I need to block web-browsing but allow other apps which have a web dependency.
Trust to untrust - all allowed. But when I deny web-browsing from trust to untrust, other apps like Skype stop working.
The requirement is that only the web-proxy IP is allowed web-browsing from trust to untrust.
How do we overcome this issue?
05-07-2017 08:03 PM - edited 05-07-2017 08:04 PM
You can't allow apps that depend on web-browsing and block web-browsing at the same time.
There are a few exceptions. One example is Facebook. Based on the SSL certificate, Palo can identify it and let it through even if web-browsing is blocked.
But usually an HTTP GET follows the TCP 3-way handshake, and based on the server reply the traffic is identified as web-browsing. The exact application is identified later when more traffic is seen.
A year ago, when I troubleshot a Captive Portal issue, I saw that Skype sent an HTTP GET to conn.skype.com (there might be more, but this is what Skype was hammering when Captive Portal was blocking traffic), so if you look at where your apps connect to, you might be able to create a custom URL category and permit only those limited sites.
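Added example, not part of the reply above and not PAN-OS code: a simplified first-match model of the rulebase under discussion, showing why the deny rule catches Skype's initial HTTP GET and how a URL-category exception placed above it changes the outcome. The rule names, the proxy address `10.1.1.10` and the `Session`/`Rule` classes are assumptions made for illustration; only `conn.skype.com` comes from the thread.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Optional

# Hypothetical custom URL category: hosts the dependent apps were seen contacting.
# conn.skype.com is the host named in the reply; extend it from your own logs.
APP_DEPENDENCY_HOSTS = ["conn.skype.com"]
PROXY_IP = "10.1.1.10"  # constructed address standing in for the web proxy

@dataclass
class Session:
    src_ip: str
    app: str              # application as identified when the policy is checked
    host: Optional[str]   # HTTP Host header or TLS server name, if seen

@dataclass
class Rule:
    name: str
    action: str
    src_ip: str = "any"
    app: str = "any"
    hosts: Optional[list] = None  # None means any URL category

    def matches(self, s: Session) -> bool:
        if self.src_ip != "any" and s.src_ip != self.src_ip:
            return False
        if self.app != "any" and s.app != self.app:
            return False
        if self.hosts is not None:
            return s.host is not None and any(fnmatch(s.host, h) for h in self.hosts)
        return True

def evaluate(rules, s):
    """Top-down evaluation: the first matching rule decides the action."""
    for r in rules:
        if r.matches(s):
            return r.name, r.action
    return "default", "deny"

# Rulebase as described in the question: proxy may browse, everyone else may not.
ORIGINAL = [
    Rule("proxy-web", "allow", src_ip=PROXY_IP, app="web-browsing"),
    Rule("deny-web", "deny", app="web-browsing"),
    Rule("allow-all", "allow"),
]
# Same rulebase with the suggested URL-category exception inserted above the deny.
WITH_EXCEPTION = ORIGINAL[:1] + [
    Rule("app-deps", "allow", app="web-browsing", hosts=APP_DEPENDENCY_HOSTS),
] + ORIGINAL[1:]
```

The exception rule has to sit above the web-browsing deny, and every host added to the category is a destination that any trust-zone client can reach over HTTP, so keep the list as short as the traffic logs justify.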