URL Filtering - Blocks msn live and yahoo messenger

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

URL Filtering - Blocks msn live and yahoo messenger

Not applicable

Hi All,

I wonder if anyone is facing this issue... If you enable web-based-email inside ssl decryption rules, it will also block user to access both msn live messenger and yahoo messenger (this does not happen to skype of course). Even though, the existing security rules stated allow any application without any filtering mode, this will still happen.

Pan-os: 3.0.5

application version: 163-489

threat version: 163-489

url filtering version: 3247

Any workaround?

Thanks.

7 REPLIES 7

L5 Sessionator

Eugene,

If you've determined that your Yahoo and MSN IM sessions are being blocked by the filter on Web-based-email, Support recommends that you allow login.yahoo.com and live.msn.com.

Hi Nrice,

Thanks for your replied.

Nope, that is url filtering part, but the issue that i'm facing is with ssl decryption. Like i said, if you enable "web-based-email" category inside ssl decryption". I also tried using your method is the same.

In this case, how can we overcome this issue? As per now, there is no setting / configuration for us to whitelisting certain url as per ssl decryption category.

I ran this past Support and they recommend openeing a case so that they can work with you to get around the SSL decryption issue .

Did you find a fix for this problem?
I'm having the same problem with 4.1.5 and ssl decryption. Can't login to msn.

Jo Christian

/Jo Christian

So I found a fix for this problem.

Make a custom url category with *.msn.com and add it to a "no-decrypt" rule.

Jo Christian

/Jo Christian

To me that sounds bad because now all s**t at *.msn.com will bypass the protections that your PA can offer regarding threat and antivirus etc.

Hello,

Yes I agree.

But I needed to find a fast fix and this was the solution.

I guess it is possible to tighten the url filter a bit by finding the correct somethingat.msn.com

But this will not be a perfect solution anyway.

Jo Christian

/Jo Christian
  • 5277 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!