09-23-2022 03:28 AM
Hello,
I run into behavior that I can't explain.
We make teams available on the virtual desktops (web-based & desktop app)
We only want to block the use of audio and video within the functionality of both teams options.
Users are not allowed to use this (due to performance reasons)
In our situation we have configured ssl/tls decryption.
One policy has been defined that blocks the ms-teams-audio-video application.
All other ms-teams* applications are allowed.
However, this ensures that audio and video can be used in both options, the desktop app and web-based.
In the logging I see that the traffic is recognized as ms-teams and I don't see any ms-teams-audio-video.
I expected that as soon as I use audio and video in teams the Palo would recognize this as ms-teams-audio-video
Am I misunderstanding things and is this normal behavior? Or does the application recognition not work properly?
software-version 10.1.6-h3
apps & threats: 8261-7584
With kind regards,
Patrick Pater
