04-01-2014 05:20 AM
Hello,
I don't really get the application dependency. I had a case at my customer. They asked me to allow the gmail-base application, so I made a security policy. But when I committed the settings, a popup appeared that told me that additional applications should be allowed.
Like smtp, imap, pop3, ssl. But I don't want to allow them. How can I do this?
thanks
04-01-2014 05:58 AM
The only way is to paste a Deny rule that drops all smtp, imap, and pop3. Is that right?
04-01-2014 06:32 AM
Yes you can go ahead and configure a deny rule to drop smtp, imap, and pop3.
You don't need them normally for gmail-base, unless you have a specific requirement.
04-01-2014 07:15 AM
Hello RudTor,
There are different ways to access gmail.
1. Through a web browser.
2. Through an imap, smtp, or pop3 mail client (example: Microsoft Outlook).
To access through a browser, only ssl (for https://gmail.com, port 443) and web-browsing (http://gmail.com, port 80) will be enough as dependent applications. You need not allow all dependent applications unless you are using them.
Explain to your customer that if he only wants to access gmail through a browser, he can allow the SSL and web-browsing applications along with gmail-base. He can safely ignore the dependency warning for smtp, pop3 and imap.
Here is an example, while I am accessing https://gmail.com through a browser.
Hope this helps.
Thanks
04-01-2014 07:29 AM
Hello Hulk,
Thank you. But if I make a security policy to allow only web-browsing and ssl, gmail-base will be dropped. And if I add gmail-base to this policy, a dependency warning appears on commit.
04-01-2014 07:37 AM
Hello RudTor,
This is expected. If you make a security policy to allow only web-browsing and ssl, then gmail-base traffic will be dropped. Once you add Application=gmail-base to that security policy, you can safely ignore the dependency warning for smtp, pop3 and imap.
Thanks
04-01-2014 07:51 AM
Thank you, Hulk.
OK, but after I add the gmail-base application without the other applications smtp, imap, pop3, will I get the warning every time I make the commit?
Thanks
04-01-2014 08:05 AM
Hello RudTor
Could you please let me know the PAN-OS and Application database version running on your device? I am using PAN-OS 6.0.1 and not getting any warning, even if I have only the gmail-base and ssl applications added into the policy. (As per my knowledge, from 5.0.x onwards the warning message will not appear during commit.)
FYI:
Thanks
04-01-2014 08:14 AM
Hello,
It's PAN-OS 6.0.1.
04-01-2014 08:22 AM
Hulk,
I think that you don't get any warning because of your rule nr. 2, where you allow any to any.
04-01-2014 08:25 AM
Hello RudTor,
I am sorry, in my case there was an any any=Allow policy and that is why it was not showing any warning. Now I am also getting the same warning message.
Thanks