We have to allow only TeamViewer on some PCs, not internet browsing.
I created a rule with apps:
adobe-flash-socketpolicy-server, ssl, web-browsing
But this rule will allow web-access to all sites.
OK, I created a custom URL category profile "Only teamviewer":
But traffic does not hit this rule, because "teamviewer-base" returns "any" as its category:
"For TeamViewer, as it has its own decoder, it is not considered to be a web-browsing app anymore.
PAN only does the URL filtering in HTTP decode for sure, but it is not always for specific application decode."
OK, I split the rule:
Rule 1. teamviewer (apps-group)
Rule 2. ssl, web-browsing with URL category profile "Only teamviewer"
Rule 3. deny any
So I receive a warning during commit:
In the 1st rule I use teamviewer-base and teamviewer-web; they need ssl and web-browsing, but ssl and web are denied in Rule 3.
How can I limit some PCs without the Palo Alto commit warning?
The validation process works by verifying each security rulebase entry. This process does not take into account other entries in the security rulebase, and the validation warning will trigger if any one policy does not include all applications required for the policy to function.
This is expected behavior, and as of yet, you are unable to suppress these commit warning messages.
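A simplified model of the per-rule check the answer describes, as an added example that is not part of the original thread and is not PAN-OS code. The dependency map is taken from the question's own statement, the rulebase is constructed to mirror its three rules, and the function names are hypothetical.

```python
# Simplified model of per-rule application-dependency validation.
# Not PAN-OS code: it only illustrates why the warning fires on Rule 1.

# Dependencies as stated in the question (assumption: no others are modeled).
DEPENDS_ON = {
    "teamviewer-base": {"ssl", "web-browsing"},
    "teamviewer-web": {"ssl", "web-browsing"},
}

# Constructed rulebase mirroring the three rules in the question.
RULEBASE = [
    {"name": "Rule 1", "action": "allow",
     "apps": {"teamviewer-base", "teamviewer-web"}},
    {"name": "Rule 2", "action": "allow", "apps": {"ssl", "web-browsing"}},
    {"name": "Rule 3", "action": "deny", "apps": {"any"}},
]


def missing_dependencies(rule):
    """Dependencies of the rule's apps that the rule itself does not list."""
    if rule["action"] != "allow" or "any" in rule["apps"]:
        return set()
    needed = set()
    for app in rule["apps"]:
        needed |= DEPENDS_ON.get(app, set())
    return needed - rule["apps"]


def validate_per_rule(rulebase):
    """Check every rule in isolation; other rules are never consulted."""
    warnings = {}
    for rule in rulebase:
        missing = missing_dependencies(rule)
        if missing:
            warnings[rule["name"]] = sorted(missing)
    return warnings


def allowed_by_some_rule(rulebase, app):
    """Whole-rulebase view (ignores order and URL category): any allow rule lists app."""
    return any(r["action"] == "allow" and app in r["apps"] for r in rulebase)


if __name__ == "__main__":
    for name, missing in validate_per_rule(RULEBASE).items():
        for app in missing:
            covered = allowed_by_some_rule(RULEBASE, app)
            print(f"{name}: requires '{app}', not listed in this rule "
                  f"(listed by another allow rule: {covered})")
```

The warning is reported for Rule 1 even though Rule 2 lists both dependencies, which matches the behavior described in the answer.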