This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Rule works at one site but not another

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Rule works at one site but not another

mmeiklejohn
L1 Bithead

‎02-16-2024 12:37 PM

Hi All,

 

I have a rule to block TikTok at a school and it works as expected.  I have another rule to block TikTok at another school and it does not work at all.  The rules are identical except that the first rule blocks some other apps as well.

 

I've attached screenshots.  Rule1 and Log1 are for the site that works, Rule 2 and Log 2 are for the site that doesn't work. 

 

Pulling my hair out on this one!  Does anyone have any suggestions?

 

Thanks for your time.

 

Marlon

Preview file
691 KB
0 Likes Likes
4 REPLIES 4

TomYoung
Cyber Elite
Cyber Elite

‎02-16-2024 05:23 PM

Hi @mmeiklejohn ,

 

Since TikTok is hitting LAN-INT-Allow-Sanctioned Apps, 1st verify your block rule comes before it.

 

Second, compare each column in the traffic log with rule (e.g., does the source IP match one of the source groups configured?).  If the order of rules is correct, there WILL be some detail in the traffic logs that does not match the rule.  Otherwise, it would match.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

mmeiklejohn
L1 Bithead
In response to TomYoung

‎02-20-2024 11:27 AM

Thanks for the input Tom.  I confirmed the blocking rules before the LAN-INT-Allow-Sanctioned-Apps, and the IPs of the machines in question were part of the assigned source groups.

 

However, I discovered that I had a URL Category defined under the Service/URL Category tab on the blocking rule that was failing.  The URL Category defined specific URLs that were to be blocked, so I was attempting to block apps and URLs in the same rule.  For the blocking rule that WAS working, I did not have any URL Categories defined.  In that case I had a totally separate rule to block specified URLs.  I don't fully understand why that would cause the rule to fail, but I don't really care at this point.  All is working as expected now! 

brramirez
L0 Member
In response to mmeiklejohn

‎04-03-2024 10:25 AM

@mmeiklejohn are your rules still working?  I just had to add some cdn urls for tiktok.  Traffic in andriod and apple apps was being allowed.

0 Likes Likes

mmeiklejohn
L1 Bithead
In response to brramirez

‎04-03-2024 11:07 AM

Hi.  I'm told that once in a while a student will get through on an iPad, but I've never been able to confirm that.  

0 Likes Likes
  • 653 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks