Create a new ACL line which matches on Google Maps and Google Translate. Create a new File Blocking profile for that rule which allows GZIP.
This will allow you to let GZIP work for these apps but the rest of the traffic will match on your previous rules.
thank you for your comments guys, but I know this kind of workarounds.
I like to know, if PAN is responsible for this change or Google? And regardless if PAN is able to modify the apps and include gzip as 'necessary'.
That is hard to answer depending on many variables.
For example, maybe Google was using TLS1.2 but your PAN was not yet at the version which added 1.2 support so it wasn't decrypting that specific traffic.
Or maybe Google just added GZIP compression to their public services. Or maybe a PAN content update allowed it to better identify GZIP compression within Google apps.
PAN has supported GZIP compression identification for quite a bit though. It even uncompresses and scans GZIP encoded traffic essentially (IPS Scanning of Compressed Files)
As for PAN adding gzip as necessary to the App-ID for the Google Apps, are you just looking for the firewall to tell you that you also need to allow GZIP? Because if you have an explicit deny, I do not believe it auto-allows other needed apps. I think it only does this if you lack an explicit Deny.
But you should always have an explicit deny. :smileywink:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!