Identifying iPad App Traffic

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Identifying iPad App Traffic

L1 Bithead

Greetings

 

I have a PA-220 Running Version 8.1.9-h4

 

Current problem is that some teachers use iPads and some of them use an app called SEESAW.

The app loads fine on the iPad but seem to be blocked from the cloud resources it should have access to.

Using it on Mobile data everything loads fine.

Using it through the Firewall I eventually get a message "Can't Connect to Server" "Retry"

 

I have gone to the Monitor tab and using the iPad's IP have checked

>Traffic
>Threat
>URL Filtering
as well as a few others.
nothing is coming up as Blocked everything seems to be allowed.

I cannot work out what or where the traffic is being blocked.

 

Any Advice or hints are appreciated.

(Trying to make sense of things one problem at a time)
6 REPLIES 6

Cyber Elite
Cyber Elite

@DariusvanWijk,

 

If security policy is application specific, please check if any dependent app is not allowed in the policy. If this is not the case,

take one system in the same subnet which belongs to iPAD and try traceroute to the destination IP addresses seen in traffic logs and check if it passes firewall.

 

-Mayur

M

@SutareMayur 

 

Do you mean that i should go to Objects > Applications and add SEESAW to the allowed application list?
If so then i cannot as PALO does have a SEESAW application listed as an option.

 

I also checked here https://applipedia.paloaltonetworks.com/

(Trying to make sense of things one problem at a time)

@DariusvanWijk ,

 

I mean what type of security policy u have written for allowing traffic?? is it application based or service based??

 

Mayur

M

@SutareMayur 

 

There are a list off applications that are allowed, Under objects > Application groups that the iPads are allowed to use and then under Objects > URL Filtering there the URL Categories that are blocked or allowed.

(Trying to make sense of things one problem at a time)

@DariusvanWijk,

 

There are certain applications which are dependent on some other applications. If dependent apps are not allowed in the policy, it never works as per our expectations.

 

e.g. If you want to allow traceroute app in the policy, you need to allow ICMP and Ping also in order to work it properly. Dependency can be checked under each application details on firewall.

 

- Mayur

M

@SutareMayur 

 

Morning.
I get what you are saying about the dependencies.

 

But i don't know what SEESAW needs.

SEESAW is not listed as an application (like Netflix is) in the Palo software.
https://applipedia.paloaltonetworks.com/

 

So if SEESAW as an application in the Palo is actually SAWSEE, i don't know how to work that out to allow it.

basically how do i work out if it has different name, or why the traffic is not allowed.

 

Edit:  I just got told it worked on Friday last week. (and i have not made change to the firewall between then and now)

(Trying to make sense of things one problem at a time)
  • 3534 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!