07-31-2018 08:34 PM
I've noticed that some App-IDs have web-browsing and ssl implicit to the application while others they are dependencies.
Is there a reason for this?
Are the App-IDs being updated to make these 2 applications implicit?
For instance, I'm setting up firewall policies for both teamviewer and Office 365. There are many more but I'm using these two just as an example. For both of these, ssl & web-browsing are dependencies. I followed the Tips & Tricks article about making a custom service group with all the ports necessry for these applications and applying it to a policy for web-browsing and ssl but I still get the dependency warnings. These are just annoying and having to explain to the client why they are there is a pain as well! The only way to eliminate them is to add web-browsing and ssl to every security policy that has these as dependencies.
It seems like half the App-IDs now have web-browsing and ssl as requirements and I don't see this shrinking.
So it really seems that something has to be done to alleviate this issue.
Anybody know if there is work to eliminate these spurious dependency warnings?
08-01-2018 08:21 AM
There is an existing Feature Request to add the ability to supress these warnings, although I'm not sure what the exact FR number is off-hand. I would contact your SE and have them add your vote to the FR in question.
You could include web-browsing and ssl in all of these rules, but that has some possible security implications that you might not want to encounter. Really the best answer to this is explaining to the client that it's just something that they'll have to live with for the moment; unless you can actually get away with adding the app-ids in these aren't going away anytime soon.
08-01-2018 08:21 AM
There is an existing Feature Request to add the ability to supress these warnings, although I'm not sure what the exact FR number is off-hand. I would contact your SE and have them add your vote to the FR in question.
You could include web-browsing and ssl in all of these rules, but that has some possible security implications that you might not want to encounter. Really the best answer to this is explaining to the client that it's just something that they'll have to live with for the moment; unless you can actually get away with adding the app-ids in these aren't going away anytime soon.
10-04-2018 04:56 PM
I realize it's not actually a solution but it does provide a clear answer that I can work with. It's a feature request and hopefully, some day, it'll be implemented.
Sorry for the pathetically late reply and thank you for the answer.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
