06-12-2025 07:59 AM
when creating rules sometimes you see the "Depends On" in the right side in the Application screen and it lists "websocket or ssl". If I specify specific applications like ms-update or etc and it shows depends on "ssl or websocket" on the right, would I want to add it to the current rule so it would be tied to that traffic since it is noting it depends on those apps? Or what is best approach for this?
Thank you
06-12-2025 08:57 AM
@JasonFerris wrote:
when creating rules sometimes you see the "Depends On" in the right side in the Application screen and it lists "websocket or ssl". If I specify specific applications like ms-update or etc and it shows depends on "ssl or websocket" on the right, would I want to add it to the current rule so it would be tied to that traffic since it is noting it depends on those apps? Or what is best approach for this?
Thank you
Unfortunately this is almost a philosophical question/answer. There's not a wrong or a right way to address this. I personally would have a rule that just allows the "default" App-IDs that are needed in general like web-browsing, stun, websocket, SSL...et al and allow those. Then have your more specific App-ID rules that allow the more business centric App-IDs tied to your specific user groups (if it applies.)
06-12-2025 09:07 AM
Hi Brandon,
Example: traffic from source1 to say internet with specific app IDs like ms-update etc. What I'm after I guess is that when adding apps to the rule you see the depends on - ssl, websocket. But if you don't go and add those to the existing rule its possible that traffic or some of the traffic won't hit that rule for ssl or websocket correct? Hitting a more general rule afterwards or a deny all rule. To make sure that ms-update application traffic works as expected "should" ssl and websocket be applied to that rule? I'm trying to be granular in our rules so only necessary traffic is allowed.
06-12-2025 11:31 AM
@JasonFerris wrote:
Hi Brandon,
Example: traffic from source1 to say internet with specific app IDs like ms-update etc. What I'm after I guess is that when adding apps to the rule you see the depends on - ssl, websocket. But if you don't go and add those to the existing rule its possible that traffic or some of the traffic won't hit that rule for ssl or websocket correct? Hitting a more general rule afterwards or a deny all rule. To make sure that ms-update application traffic works as expected "should" ssl and websocket be applied to that rule? I'm trying to be granular in our rules so only necessary traffic is allowed.
@JasonFerris -- let me clarify what I meant. To account for the "depends-on" like you mentioned. You have 3 options, but really only 2. The 2 I previously mentioned.
1. You can create a general rule that allows the "you should probably allow these applications so web pages can work" rule. These would be App-IDs like web-browsing, stun, websocket, SSL...et al.
2. Or they could be only included in the specific rules associated to their "depends-on" App-ID.
Option 3 is the one you just mentioned is "do nothing with it" let it hit a default deny rule and hope for the best. In some instances not allowing the depends-on App-ID won't really impact the core App-IDs functionality. That particular app may generally be ok with some one-off scenarios where the traffic behaves weird for the user with things not working right. There are other App-IDs where not allowing the depends-on App-ID will me the primary application just won't work.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
