google applications versus localization

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

google applications versus localization

L1 Bithead

Hey guys,

I have a theoretical question regarding a issue i had today.

A user called and said that google-translate was blocked. I couldn't understand that, since i knew that we've allowed that.

I went to http://translate.google.com and sure enough, "Application Blocked".

I went to the monitor tab on the firewall web interface and set a filter for google-translate applications. I was surprised to see that allow/deny actions were 50/50. Some users got a allow, others a deny.

Eventually, by accident, i opened a new browser window and navigated to http://translate.google.dk

We're based in Denmark, so thats the TLD for us.

And woop woop, no problems there.

So I've told my users to use the .dk extension instead..

But what is happening? Why is google's localization system interfering with my application rules ??

1 accepted solution

Accepted Solutions

L4 Transporter

We have identified the issue and are working to provide a fix in the next content version.

Content version 259 introduced two new application functions for google-translate, one each for auto and manual.

But traffic to the landing page is neither of these, and may be blocked if you have a deny-all rule at the bottom.

As a workaround, you can revert to content version 258, or, you can create a custom app with a different name (e.g. custom-google-translate) that looks for the pattern “translate.google.com” in the http-req-host-header, and add that app to the allow rule.

View solution in original post

15 REPLIES 15

Not applicable

It appears that in the 259-1078 application signatures dated 2 Aug 2011, Google Translate may be identified as google-translate or google-plus-base.  With these application signatures, even if the google-translate application is permitted, you may still be getting blocks.

In addition, google-translate has been branched out into 3 applications in this version:  google-translate, google-translate-auto and google-translate-manual.  http://translate.google.com is blocked even allowing all 3 applications.

I'd just add, that 3 indepent users have reported that untill today they had no issues whatsoever, with translate.google.com

So an error in the update would seem likely

Not applicable

i'm having the same issue with google-translate is allowed but it is still being blocked.  I have allowed google-plus-base as well and it is still being blocked.  I'm opening a case with support to get this hot-fixed.

thanks

The status of the case I created yesterday, after being escalated, is "Researching."

im in phone queue.  amazing the number of my users that are actually using google translate

L4 Transporter

We have identified the issue and are working to provide a fix in the next content version.

Content version 259 introduced two new application functions for google-translate, one each for auto and manual.

But traffic to the landing page is neither of these, and may be blocked if you have a deny-all rule at the bottom.

As a workaround, you can revert to content version 258, or, you can create a custom app with a different name (e.g. custom-google-translate) that looks for the pattern “translate.google.com” in the http-req-host-header, and add that app to the allow rule.

L2 Linker

Same issue here, waiting for a fix. Any word from Palo Alto?

This is all fine and dandy.. But what about the localization?

We got http://translate.google.co.uk working, but not .com

Why does the PA differenciate between those two?

google translate can be/is a proxy avoidance engine. common issue with machine translation sites.

go to translate.google.com. enter the URL for a blocked site (use an english language one). manually set source language to a non-english lanauage. translate the site. you should see blocked site.

google translate won't translate english to english if it is in "automatic" mode. so if you can turn that off manual mode via PAN, you will reduce the cases of proxy avoidance.

n.

L2 Linker

They didn't release a fix overnight, so we rolled back the update. Expected faster response from PAN. I guess someone said "Screw it, it's 5PM, I'm going home" 😞

"We have identified the issue and are working to provide a fix in the next content version.

Content version 259 introduced two new application functions for google-translate, one each for auto and manual.  But traffic to the landing page is neither of these, and may be blocked if you have a deny-all rule at the bottom.

As a workaround, you can revert to content version 258, or, you can create a custom app with a different name (e.g. custom-google-translate) that looks for the pattern “translate.google.com” in the http-req-host-header, and add that app to the allow rule. "

----------------------------------

We have chosen to revert to version 258.

This too will be addressed in the next content update.

L1 Bithead

What is the time frame for the next "content update" ?

+1 !!!

Got many people blocked here !

  • 1 accepted solution
  • 5759 Views
  • 15 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!