GZIP File - Google Translate

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
L4 Transporter

I know this workaround. but the problem is, I cannot select google-translate as application. Don't want to allow gzip with all applications...

Highlighted
L4 Transporter

Create a new ACL line which matches on Google Maps and Google Translate. Create a new File Blocking profile for that rule which allows GZIP.

This will allow you to let GZIP work for these apps but the rest of the traffic will match on your previous rules.

Highlighted
L4 Transporter

thank you for your comments guys, but I know this kind of workarounds.

I like to know, if PAN is responsible for this change or Google? And regardless if PAN is able to modify the apps and include gzip as 'necessary'.

Highlighted
L4 Transporter

That is hard to answer depending on many variables.

For example, maybe Google was using TLS1.2 but your PAN was not yet at the version which added 1.2 support so it wasn't decrypting that specific traffic.

Or maybe Google just added GZIP compression to their public services. Or maybe a PAN content update allowed it to better identify GZIP compression within Google apps.

PAN has supported GZIP compression identification for quite a bit though. It even uncompresses and scans GZIP encoded traffic essentially (IPS Scanning of Compressed Files)

As for PAN adding gzip as necessary to the App-ID for the Google Apps, are you just looking for the firewall to tell you that you also need to allow GZIP? Because if you have an explicit deny, I do not believe it auto-allows other needed apps. I think it only does this if you lack an explicit Deny.

But you should always have an explicit deny. :smileywink:

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!