Help allowing .dll files for VPN users

Reply
Highlighted
L0 Member

Help allowing .dll files for VPN users

Hi,

 

Like everyone, we have a lot of folks working from home. We use a CRM system called Ajeera, and in order to load up the various modules, the client system downloads an app from the server, which includes a .dll file. In the office, it works just fine, over VPN the .dll file is blocked. (It's a "ClickOnce" app, which is a new term to me, but it seems to be relevant)

 

I'm a little new to the firewall rules game, so I was hoping if someone could tell me if I'm on the right track. The model is PA-220, software is 9.0.9-h1. Nothing overly fancy about the setup.

 

I created a new security policy, set the source as the server specifically (192.168.x.x./32), destination is VPN zone.

Added the group profile "internal", which includes the Internal FB security profile, which I see does not block .dll files.

 

I assume I'll need to position this new policy above the policy that is blocking the .dll files. I've saved the config but not committed it. (Would this sort of change cause a reboot upon committing?)

 

I'm obviously not looking for, "Hey, nice job, mate! You did it perfectly!" as there's tons of details missing.  Just wondering if my logic is sound.  Also wondering if committing will cause a reboot, that's not clear to me.

 

Thanks!

Mike

Highlighted
Community Team Member

Hi @10Thirteen ,

 

Yes that sounds about right.

A commit should not trigger a reboot ... that said, I've seen cases where commits disrupted traffic and/or even disconnect VPNs.  So you might want to schedule this during a maintenance window.

 

Cheers,

-Kiwi.

 
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!