11-21-2024 03:19 AM
I have created a policy which says "Src: FQDN of 2 users" "DST: Any" "App: gmail-base, gmail-posting, ssl, stun, vidyo, web-browsing" "URL CATEGORY: Computer and internet info, web-based-email" "Action: Allow"
But what I see in the logs is that those users are not hitting this policy (they are still passing through the default policy, even though the policy created above is placed above the default one) and "Session-End-Reason: Threat".
Basically what I understand is that L7 inspection is blocking the traffic.
Need help...
11-21-2024 11:48 AM
I would generally recommend creating a much more targeted policy. The firewall can easily identify Gmail traffic just through app-id, regardless of whether or not you're actually decrypting that traffic. So you could just build a rule for those two users targeting app-id and utilize the container 'gmail' application if you wanted. I wouldn't utilize the URL categories that you have specified at all. Either build one specific to Google or exclude it from your policy outright.
Once that is done, if it's still not matching, you will need to ensure that your FQDN objects are resolving properly and actually take a detailed look at your logs.
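A sketch of the targeted rule and the follow-up checks suggested in the reply above, as PAN-OS CLI. This is an added example, not configuration posted by either participant. The zone names (`trust`, `untrust`), object and rule names, FQDNs and test IP addresses are constructed placeholders, the `#` lines are annotations rather than CLI input, and the FQDN display command can differ between PAN-OS releases.

```text
# --- Configuration mode ---
# FQDN address objects for the two users' hosts (placeholder names and FQDNs)
set address user1-host fqdn user1-pc.example.internal
set address user2-host fqdn user2-pc.example.internal

# Targeted rule: match on the 'gmail' container application only,
# with no URL category restriction (category any)
set rulebase security rules Allow-Gmail-2Users from trust to untrust
set rulebase security rules Allow-Gmail-2Users source [ user1-host user2-host ] destination any
set rulebase security rules Allow-Gmail-2Users source-user any category any
set rulebase security rules Allow-Gmail-2Users application gmail service application-default
set rulebase security rules Allow-Gmail-2Users action allow log-end yes

# Keep the rule above the default/catch-all rule so it is evaluated first
move rulebase security rules Allow-Gmail-2Users top
commit

# --- Operational mode ---
# Confirm the FQDN objects resolve, and that the resolved addresses are the
# source addresses that appear in the traffic logs for these users
show dns-proxy fqdn all

# Ask the firewall which rule a sample flow would match
# (source = one user's resolved address, destination = any test address)
test security-policy-match from trust to untrust source 192.0.2.10 destination 198.51.100.20 protocol 6 destination-port 443 application gmail-base
```

If `test security-policy-match` returns the default rule instead of `Allow-Gmail-2Users`, compare the source address and zones in the traffic log entry against the resolved FQDN addresses and the rule's `from`/`to` zones.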