07-31-2013 12:01 AM
I have an Application filter for Streaming Audio and have created a policy to block it. That's going well but I need to allow http-audio which falls under Streaming Audio for one specific site only.
I have created a URL Filtering security profile with just this URL in the allow list and then created a policy which allows http-audio with the URL filtering profile above my block profile but http-audio from any on the internet can still be played.
Any ideas on how I could get this working would be great.
I'm on software version 5.0.4.
07-31-2013 06:39 AM
Create a Custom URL category for this website which includes :
smpte.org
*.smpte.org
Try using the above category in the Specific security-rule configured to allow this website.
07-31-2013 08:30 AM
Check what policy is the other traffic hitting.
Also make sure that the application is showing up as http-aduio in the traffic logs and not as incomplete or insufficient.
If it is showing up as as of the above that does not mean that the traffic is allowed. Please see the doc below for the the definition of them.
https://live.paloaltonetworks.com/docs/DOC-1549
Hope this helps.
08-01-2013 12:23 AM
Hi Nadir,
I tried creating the Custom URL Category with the URLS for the website but it didn't work, all http-audio including for the ones played from this website ended up getting blocked.
thanks
08-01-2013 01:05 AM
rmonvon and mbutt, it's hitting the smpte policy that's allowing it to play.
In the Traffic logs, they are being classed as http-audio but when I look at the URL Filtering logs, the application is showing web-browsing.
Here are the URL Log screenshots.
I don't have the screenshots of the traffic logs to show that they are being classified as http-audio but i'll update the ticket with some of the screenshots as well.
thanks
08-01-2013 12:42 PM
Looking at the log details, the rule 'Internet Access' is permitting the web-browsing traffic. I think at the start of the request, the app is identified as web-browsing and the 'Internet Access' rule is allowing it. The domain is Once the traffic is identified as app=http-audio, it is denied by rule 'Eugene http-audio test'.
I would suggest changing the rule to allow app=http-audio,web-browsing and dest=custom category containing ww.smpte.org and if that would work. Thanks.
08-01-2013 05:02 PM
I think it would be best if you look at the session as well. It is quite possible that intiially the traffic is allowed but once the application is determined traffic is getting blocked.
However you can try rmonvon suggestions and see what happens. If that doesnt work then you will need to gather the following
1. Techsupport
2. running config
3. Pcap of the traffic
4. traffic logs
and open a case with support to verify if the signatures for http-audio are up to date.
hope this helps.
thanks
08-11-2013 11:44 PM
Hi,
Yes, I'm applying the URL profile on the security rule
08-11-2013 11:46 PM
Hi rmonvon,
Once I did that all http-audio seemed to work, no matter which url it was.
I will be raising the case with tech support.
Thanks all for you help. Sorry it took me while to get back to you all.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
