09-29-2010 03:18 PM
I have recently installed a PAN device in TAP mode, with port mirroring on a Cisco switch that copies traffic to the tap interface. On the policy configured to allow all between TAP zone and TAP zone, I have configured default security profiles, especially a URL filtering profile that blocks some categories by default. So the question is: while being in TAP mode, is it possible for the firewall to actively participate in the traffic, by blocking some URLs for example? I also want to know if the block action in URL filtering profiles is achieved by a quiet drop of packets or by sending a TCP RST packet?
09-29-2010 03:48 PM
My understanding is that TAP mode is merely watching traffic without the ability to interfere with it (i.e., using rules to block/allow, etc.). The PAN gurus can answer definitively, though.
09-29-2010 03:51 PM
Not supported. You will have to be inline.
09-30-2010 12:25 AM
And what about the block action in the URL filtering profile, is it a quiet drop or a RST?
09-30-2010 06:04 AM
You block the page with a standard or custom message page that essentially says "disallowed." Or you can use a "continue" mechanism that indicates that the user understands they are supposed to go to the URL but can if they really want to but that the action is logged. Or you can override the request by having the user input an administrative password. Though this last item probably isn't really practical for production networks.