This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Security rules when ISP is caching?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Security rules when ISP is caching?

Go to solution
MCmgt
L2 Linker

‎02-19-2014 09:35 AM

In looking at outbound traffic I can see quite a bit to a network range owned by my ISP. I'm guessing that it's a cache. The application traffic seems to be what one would expect to be efficiently cached (ms-update, symantec-av-update, http-video, etc).

How do you write rules for that? Or is it that, say, Microsoft is taking an ms-update request and pointing the connection to the cache (based on my IP)?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
mbutt
L5 Sessionator
In response to MCmgt

‎02-26-2014 01:00 PM

In order to do that you will have to create a custom application.Below docs can shows two different ways you can do it

How to Create an Application Override Policy

Custom Application Signatures

Hope this helps you resolve the issue.


Thank you

Numan 

View solution in original post

0 Likes Likes
4 REPLIES 4

Go to solution
mbutt
L5 Sessionator

‎02-21-2014 03:03 PM

Hello,

I am not sure if i understanding your questions correctly.

However if you are trying to block certain type of traffic why would you do it in a traditional manner of blocking it based on IP. Rather you should be taking advantage of the AppID and block it based on the application name.
Doing this you will not have to worry about keeping track of what IP is cached and what IP you need to block. Hope this help in blocking the desired traffic.
Thank you

Numan

0 Likes Likes

Go to solution
pulukas
L7 Applicator

‎02-22-2014 07:58 AM

From the point of view of security, you may have two types of rules.

If you are trusting the ip range because this is your selected ISP and you trust what they choose to source from this range.  Then write a traditional ip address based allow rule from your network.

If you are allowing the listed applications, then you create an application based allow rule to any ip address and permit the traffic.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

Go to solution
MCmgt
L2 Linker
In response to pulukas

‎02-25-2014 06:12 AM

I'd like to tightly secure the outbound traffic I'm talking about. I'd rather not use just IP or just Application. I'd like to use both. A sample use case:

Some McAfee EPO traffic is being served from the cache. It is classified as web-browsing. I'd like to prevent general web browsing from that EPO server.

0 Likes Likes

Go to solution
mbutt
L5 Sessionator
In response to MCmgt

‎02-26-2014 01:00 PM

In order to do that you will have to create a custom application.Below docs can shows two different ways you can do it

How to Create an Application Override Policy

Custom Application Signatures

Hope this helps you resolve the issue.


Thank you

Numan 

0 Likes Likes
  • 1 accepted solution
  • 2727 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks