gmail-base without smtp, pop3, imap applications

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

gmail-base without smtp, pop3, imap applications

L1 Bithead


I don't really get the application dependency. I had a case at my customer. They asked me to allow gmail-base application, so I made security policy. But when I committed the settings a popup appeared that told me that additional applications should be allowed.

Like smtp, imap, pop3, ssl. But I don't want to allow them. How can I do this?



L1 Bithead

The only way is to paste a Deny rule that drops all smtp, imap, and pop3. Is that right?

Yes you can go ahead and configure a deny rule to drop smtp, imap, and pop3.

You don't need them normally for gmail-base, unless you have a specific requirement.

L7 Applicator

Hello RudTor,

There is different way to access gmail.

1. Through a web-browser.

2. Through imap, smtp, pop3 mail client ( Example-microsoft outlook)

To access through browser, only ssl ( for --- port 443) and web-browsing ( 80) will be enough as a dependent application. Need not to allow all dependent applications unless you are using it.

Explain your customer, if he only wants to access gmail through a browser, then he can allow SSL and web-browsing application along with gmail-base. He can safely ignore the dependency warning for smtp, pop3 and imap. Smiley Happy


Here is an example, while i am accessing through a browser.


Hope this helps.


Hello Hulk,

thank you. But if I make a security policy to allow only web-browsing and ssl, the gmail-base will be dropped. And if I add to this policy gmail-base,  a dependency warning appears by commit.

Hello RudTor,

This is expected. If you make a security policy to allow only web-browsing and ssl, then gmail-base traffic will be dropped. Once you will add Application=gmail-base on that security policy, you can safely ignore the dependency warning for smtp, pop3 and imap.


thank you Hulk.

Ok, but after I add the gmail-base application without the other applications smtp, imap, pop3, I will get the warning every time I make the commit ?


Hello RudTor

Could you please let me know  the PAN-OS and Application database  version running on your device. I am using PAN OS 6.0.1 and not getting any warning, even if i have only gmail-base and ssl application added into the policy. ( As per my knowledge, 5.0.x onwards the warning message will not appear during commit)





Its PANOS 6.0.1.




I think that you don't get any warning because of your rule nr.2 where you are allow any to any

Hello RudTor,

I am sorry, in my case there was a any any=Allow policy and that is why it was not showing any warning. Now i am also getting the same warning message.


  • 10 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!