Identifying iPad App Traffic

Reply
Highlighted
L1 Bithead

Identifying iPad App Traffic

Greetings

 

I have a PA-220 Running Version 8.1.9-h4

 

Current problem is that some teachers use iPads and some of them use an app called SEESAW.

The app loads fine on the iPad but seem to be blocked from the cloud resources it should have access to.

Using it on Mobile data everything loads fine.

Using it through the Firewall I eventually get a message "Can't Connect to Server" "Retry"

 

I have gone to the Monitor tab and using the iPad's IP have checked

>Traffic
>Threat
>URL Filtering
as well as a few others.
nothing is coming up as Blocked everything seems to be allowed.

I cannot work out what or where the traffic is being blocked.

 

Any Advice or hints are appreciated.

(Trying to make sense of things one problem at a time)
Tags (1)
Highlighted
L5 Sessionator

Re: Identifying iPad App Traffic

@DariusvanWijk,

 

If security policy is application specific, please check if any dependent app is not allowed in the policy. If this is not the case,

take one system in the same subnet which belongs to iPAD and try traceroute to the destination IP addresses seen in traffic logs and check if it passes firewall.

 

-Mayur



Mayur Sutare
Highlighted
L1 Bithead

Re: Identifying iPad App Traffic

@SutareMayur 

 

Do you mean that i should go to Objects > Applications and add SEESAW to the allowed application list?
If so then i cannot as PALO does have a SEESAW application listed as an option.

 

I also checked here https://applipedia.paloaltonetworks.com/

(Trying to make sense of things one problem at a time)
Highlighted
L5 Sessionator

Re: Identifying iPad App Traffic

@DariusvanWijk ,

 

I mean what type of security policy u have written for allowing traffic?? is it application based or service based??

 

Mayur



Mayur Sutare
Highlighted
L1 Bithead

Re: Identifying iPad App Traffic

@SutareMayur 

 

There are a list off applications that are allowed, Under objects > Application groups that the iPads are allowed to use and then under Objects > URL Filtering there the URL Categories that are blocked or allowed.

(Trying to make sense of things one problem at a time)
Highlighted
L5 Sessionator

Re: Identifying iPad App Traffic

@DariusvanWijk,

 

There are certain applications which are dependent on some other applications. If dependent apps are not allowed in the policy, it never works as per our expectations.

 

e.g. If you want to allow traceroute app in the policy, you need to allow ICMP and Ping also in order to work it properly. Dependency can be checked under each application details on firewall.

 

- Mayur



Mayur Sutare
Highlighted
L1 Bithead

Re: Identifying iPad App Traffic

@SutareMayur 

 

Morning.
I get what you are saying about the dependencies.

 

But i don't know what SEESAW needs.

SEESAW is not listed as an application (like Netflix is) in the Palo software.
https://applipedia.paloaltonetworks.com/

 

So if SEESAW as an application in the Palo is actually SAWSEE, i don't know how to work that out to allow it.

basically how do i work out if it has different name, or why the traffic is not allowed.

 

Edit:  I just got told it worked on Friday last week. (and i have not made change to the firewall between then and now)

(Trying to make sense of things one problem at a time)
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!