Hello Art,
I was able access scribd.com but not able to upload any files by blocking 'scribd-uploading' application only.
Here is how my security policies looked:
Also, I am seeing allowed sessions for 'scribd-base' application and discarded sessions for 'scribd-uploading' application
admin@PA-500> show session all filter application scribd-uploading
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
19704 scribd-uploading DISCARD FLOW NS 192.168.50.105[11583]/trust-L3/6 (10.66.24.50[60799])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
19702 scribd-uploading DISCARD FLOW NS 192.168.50.105[11581]/trust-L3/6 (10.66.24.50[40027])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
19700 scribd-uploading DISCARD FLOW NS 192.168.50.105[11579]/trust-L3/6 (10.66.24.50[6287])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
19898 scribd-uploading DISCARD FLOW NS 192.168.50.105[11728]/trust-L3/6 (10.66.24.50[65050])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
19858 scribd-uploading DISCARD FLOW NS 192.168.50.105[11696]/trust-L3/6 (10.66.24.50[39950])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
19701 scribd-uploading DISCARD FLOW NS 192.168.50.105[11580]/trust-L3/6 (10.66.24.50[37286])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
admin@PA-500> show session all filter application scribd
Unrecognized application
admin@PA-500> show session all filter application scribd-base
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
19740 scribd-base ACTIVE FLOW NS 192.168.50.105[11613]/trust-L3/6 (10.66.24.50[13139])
vsys1 50.97.140.66[443]/untrust-L3 (50.97.140.66[443])
19918 scribd-base ACTIVE FLOW NS 192.168.50.105[11735]/trust-L3/6 (10.66.24.50[7920])
vsys1 173.192.64.45[80]/untrust-L3 (173.192.64.45[80])
19685 scribd-base ACTIVE FLOW NS 192.168.50.105[11573]/trust-L3/6 (10.66.24.50[60986])
vsys1 173.192.64.45[80]/untrust-L3 (173.192.64.45[80])
19691 scribd-base ACTIVE FLOW NS 192.168.50.105[11574]/trust-L3/6 (10.66.24.50[31546])
vsys1 173.192.64.45[80]/untrust-L3 (173.192.64.45[80])
19819 scribd-base ACTIVE FLOW NS 192.168.50.105[11668]/trust-L3/6 (10.66.24.50[4729])
vsys1 174.35.35.7[80]/untrust-L3 (174.35.35.7[80])
19738 scribd-base ACTIVE FLOW NS 192.168.50.105[11611]/trust-L3/6 (10.66.24.50[27250])
vsys1 50.97.140.66[443]/untrust-L3 (50.97.140.66[443])
19897 scribd-base ACTIVE FLOW NS 192.168.50.105[11727]/trust-L3/6 (10.66.24.50[18451])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
19739 scribd-base ACTIVE FLOW NS 192.168.50.105[11612]/trust-L3/6 (10.66.24.50[50257])
vsys1 50.97.140.66[443]/untrust-L3 (50.97.140.66[443])
19735 scribd-base ACTIVE FLOW NS 192.168.50.105[11610]/trust-L3/6 (10.66.24.50[11955])
vsys1 173.192.64.45[80]/untrust-L3 (173.192.64.45[80])
admin@PA-500>
The 'scribd-uploading' application is working as intended.
Regards,
Kunal Adak
Hello Art,
I was able access scribd.com but not able to upload any files by blocking 'scribd-uploading' application only.
Here is how my security policies looked:
Also, I am seeing allowed sessions for 'scribd-base' application and discarded sessions for 'scribd-uploading' application
admin@PA-500> show session all filter application scribd-uploading
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
19704 scribd-uploading DISCARD FLOW NS 192.168.50.105[11583]/trust-L3/6 (10.66.24.50[60799])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
19702 scribd-uploading DISCARD FLOW NS 192.168.50.105[11581]/trust-L3/6 (10.66.24.50[40027])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
19700 scribd-uploading DISCARD FLOW NS 192.168.50.105[11579]/trust-L3/6 (10.66.24.50[6287])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
19898 scribd-uploading DISCARD FLOW NS 192.168.50.105[11728]/trust-L3/6 (10.66.24.50[65050])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
19858 scribd-uploading DISCARD FLOW NS 192.168.50.105[11696]/trust-L3/6 (10.66.24.50[39950])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
19701 scribd-uploading DISCARD FLOW NS 192.168.50.105[11580]/trust-L3/6 (10.66.24.50[37286])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
admin@PA-500> show session all filter application scribd
Unrecognized application
admin@PA-500> show session all filter application scribd-base
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
19740 scribd-base ACTIVE FLOW NS 192.168.50.105[11613]/trust-L3/6 (10.66.24.50[13139])
vsys1 50.97.140.66[443]/untrust-L3 (50.97.140.66[443])
19918 scribd-base ACTIVE FLOW NS 192.168.50.105[11735]/trust-L3/6 (10.66.24.50[7920])
vsys1 173.192.64.45[80]/untrust-L3 (173.192.64.45[80])
19685 scribd-base ACTIVE FLOW NS 192.168.50.105[11573]/trust-L3/6 (10.66.24.50[60986])
vsys1 173.192.64.45[80]/untrust-L3 (173.192.64.45[80])
19691 scribd-base ACTIVE FLOW NS 192.168.50.105[11574]/trust-L3/6 (10.66.24.50[31546])
vsys1 173.192.64.45[80]/untrust-L3 (173.192.64.45[80])
19819 scribd-base ACTIVE FLOW NS 192.168.50.105[11668]/trust-L3/6 (10.66.24.50[4729])
vsys1 174.35.35.7[80]/untrust-L3 (174.35.35.7[80])
19738 scribd-base ACTIVE FLOW NS 192.168.50.105[11611]/trust-L3/6 (10.66.24.50[27250])
vsys1 50.97.140.66[443]/untrust-L3 (50.97.140.66[443])
19897 scribd-base ACTIVE FLOW NS 192.168.50.105[11727]/trust-L3/6 (10.66.24.50[18451])
vsys1 50.97.140.66[80]/untrust-L3 (50.97.140.66[80])
19739 scribd-base ACTIVE FLOW NS 192.168.50.105[11612]/trust-L3/6 (10.66.24.50[50257])
vsys1 50.97.140.66[443]/untrust-L3 (50.97.140.66[443])
19735 scribd-base ACTIVE FLOW NS 192.168.50.105[11610]/trust-L3/6 (10.66.24.50[11955])
vsys1 173.192.64.45[80]/untrust-L3 (173.192.64.45[80])
admin@PA-500>
The 'scribd-uploading' application is working as intended.
Regards,
Kunal Adak
