commit status warning part II


L4 Transporter

Here is another interesting commit status dependency warning

 

"Rule 14 application dependency warning: Application ms-update requires ssl be allowed but ssl is denied in rule 15. " Why is an application in the rule above getting on a rule below it?

5 REPLIES

Cyber Elite

ms-update uses ssl to connect to the Microsoft cloud to fetch updates (dependency on ssl), when you commit, the firewall will go look where it is able to match the dependency

 

This warning means that the first instance of ssl it encountered is a deny rule in rule 15, so it throws a warning that you may potentially be blocking a dependency that could prevent ms-update from working properly.

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper

So it's a "maybe it will, maybe it won't" situation.

it requires the admin to review as it is not a showstopper but you need to be aware, it could 'break' updates for only a section of your network for example (if you block ssl for that section)

 

ideally the conflict is resolved, but if you have conflicting requirements (e.g. ssl is forbidden by policy) you may need to 'live with' the consequences

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper

I guess when you can get so granular there are things you need to consider more closely before creating a rule

@jdprovine,

As you get more granular you certainly need to take into account how your existing rules will interact with the rule that you are looking to create. This could mean that you also have to seriously think about how you are ordering your rulebase to ensure that everything actually works as planned.
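
The check described in the first reply, as an added example that is not part of the original thread and is not PAN-OS code: a simplified top-down model that, for each allow rule, finds the first rule matching a required application and flags it when that rule denies. The `Rule` class, the function names and both sample rulebases are constructed for illustration; only the ms-update/ssl dependency and the rule numbers come from the thread, and real rules also match on zones, addresses and users, which this model ignores.

```python
# Simplified model of the commit-time dependency check discussed in this
# thread. Not PAN-OS code; names and sample rulebases are constructed.
from dataclasses import dataclass

# Assumed dependency table; only ms-update -> ssl is taken from the thread.
DEPENDS_ON = {"ms-update": ["ssl"]}

@dataclass
class Rule:
    number: int
    action: str          # "allow" or "deny"
    applications: tuple  # application names the rule matches

def first_rule_matching(rulebase, app):
    """Return the first rule, top-down, that names the application or 'any'."""
    for rule in rulebase:
        if app in rule.applications or "any" in rule.applications:
            return rule
    return None

def dependency_warnings(rulebase):
    """Return (rule, app, dependency, denying_rule) tuples for allow rules
    whose dependency first matches a deny rule further down the rulebase."""
    warnings = []
    for rule in rulebase:
        if rule.action != "allow":
            continue
        for app in rule.applications:
            for dep in DEPENDS_ON.get(app, []):
                if dep in rule.applications:
                    continue  # dependency is allowed by the same rule
                hit = first_rule_matching(rulebase, dep)
                if hit is not None and hit.action == "deny":
                    warnings.append((rule.number, app, dep, hit.number))
    return warnings

# Constructed rulebase reproducing the warning quoted in the question.
AS_POSTED = [Rule(14, "allow", ("ms-update",)), Rule(15, "deny", ("ssl",))]
# One possible resolution: allow the dependency in the same rule.
RESOLVED = [Rule(14, "allow", ("ms-update", "ssl")), Rule(15, "deny", ("ssl",))]

if __name__ == "__main__":
    for r, app, dep, deny in dependency_warnings(AS_POSTED):
        print(f"Rule {r}: {app} requires {dep} but {dep} is denied in rule {deny}")
```

Running it against your own exported rule order before a commit shows which allow rules depend on an application that a later deny rule catches first.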
