Can we create a rule to match only the selected application without selecting WEb-Browsing dependency

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Can we create a rule to match only the selected application without selecting WEb-Browsing dependency

L0 Member

Dear All,

 

I need a community advice, we are migrating all our Firewalls from Checkpoint to Palo Alto.

First Palo Alto was implemented 2 weeks ago, a PA 3420 version 10.2.4-h2

 

We are trying to transform the imported rules into Palo alto style.

For example I want to create a rule to allow only access to "TeamViewer" application for some computers but not allowing them to browse internet.

 

So, first I implemented the SSL decrypt rule for thoses computers, decrypt is running fine.

I create the filtering rule with Source = computers Ip's and Destination= TeamViewer application

When I do that there are suggested applications dependency's that are SSL and Web-Browsing, so I add them also into the allowed Applications list. (Seem to be a best practice doing that)

 

But when I do this, the effect of this rule is that these computers can actually browse the whole Internet, not just TeamViewer.

 

So I read on some other posts that to filter correctly I should add an url list with (teamviewer.com and *.teamviewer.com) to the rule to filter only the Application teamviewer.

 

But, so what's the point to use application if in parallel I have to combine them with Url list ?

Because I could instead create a URL List based rule only (without speechifying the Application) i will have the same effect ?

 

Many thanks for your advices.

 

Regards

1 REPLY 1

Cyber Elite
Cyber Elite

Hi @PauloVenancio ,

 

If teamviewer is using its default port i.e. TCP/UDP 5938 then, it would be easier for you to filter traffic based on the destination port along-with app-id. But anyway, if teamviewer can't connect over default port, it will next try to connect over 443.

 

Coming to your questions-

 

But, so what's the point to use application if in parallel I have to combine them with Url list ?

-Most of admins use all the available options to restrict their security policies. So it will be good idea to use URL list in your case.

 

Because I could instead create a URL List based rule only (without speechifying the Application) i will have the same effect ?

-Yes, that will also work based on the destination URLs allowed under the list.

 

M
  • 871 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!