Have managed to break Google Play and Apple App store downloads

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Have managed to break Google Play and Apple App store downloads

Not applicable

Hi

At some point in the last month or so, I've managed to break downloads from both the Google Play store and Apple App store.  But I don't know how. Smiley Sad

I have enabled decryption, but have disabled all my decryption rules and it is still broken - So I assume it's not that.

I can't find any associated denied traffic in the traffic log, or in the URL filtering log.

PlayBroke.jpg

If anyone has any idea what I've done, it would be greatly appreciated.

Thanks

Shaun

4 REPLIES 4

L4 Transporter

If you don't have an explicit deny rule at the end of your policies, you won't see anything that is implicitly denied. In other words, If you don't have something allowed that needs to be allowed, and you don't have a policy that alerts or blocks everything else, you won't see it in the log. There is also a document located here: https://live.paloaltonetworks.com/docs/DOC-4256 that may be of use to you.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.

Also instead of a "Deny any to any" rule you might want to break your explicit deny rule up by Zone... otherwise you break intra-zone traffic if you have any (this is from experience.. we broke our Palo Alto providing DHCP by having a 'deny any' at the bottom of our rule base)

I should have been more explicit! - As egearhart said, you definitely should not use a deny any any rule.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.

Not applicable

Hi all

I do already have an explicit deny all rule covering this zone, with logging enabled.

  • 2479 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!