04-11-2024 05:30 AM
We have a Palto Alto cluster and I want to use them as reverse proxy for our Exchange inbound trafic. We activated decryption for this trafic and we want to allow only ActiveSync trafic / application.
It did not work with only allow ActiveSync application, we also had to create another rule to allow web-browsing to URL */microsoft-server-activesync because it does not detect all trafic as activesync, even though it's decrypted.
In attached picture the log of a part of the trafic when I sync my iphone with the native mail application.
Anyone already done this ? Why doesn't it detect correctly the trafic as ActiveSync ?
04-16-2024 06:02 AM
Hi @karsayor ,
Looking at applipedia info for activesync, web-browsing should be implicitly allowed and no explicit configuration should be required.
That said, applications for which the firewall cannot determine dependent applications on time will require that you explicitly allow the dependent applications when defining your policies.
Source:
https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/app-id/applications-with-implicit-support
Kind regards,
-Kim.
04-16-2024 06:14 AM
Hello ! Thanks for the reply !
But in case I have to specify web-browsing explicitely, it will allow all trafic to the HTTPS port including OWA / ECP /.. , which I do not want to open. I only want to allow activesync . Is there a way to do this ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
