About dkillpack

Has anyone here dealt with Googles hangout app for mobile devices going through the firewall. The customer wants to allow hangout chat but not file-transfer or video calling. The apps sees it as google-talk and under it is gtalk-voice, google-talk-base and gtalk-file-transfer. If we set up the policy for app filtering would the gtalk-file-transfer be masked by ssl or would it still be seen? I am thinking it would be masked so an ssl decrypt policy would need to be employed. However when I enable the ssl decrypt, the device then can not sign into google hangouts. Any thoughts or help would be appreciated. Darrell ... View more

I am looking for a way to create an custom application signature to identify IE browsers when accessing the internet and reliably identify it whether it is using http or https. Currently I have a custom app signature the works great when accessing http sites but fails when accessing https sites. I have set the custom app signature up with pattern matching. Context of [http-req-headers] and the pattern of [compatible; MSIE 10.0;]. this was created based on the creating a custom app signature document. When I use it in a policy that has only this app in it. I sees the the browser and throws up a response page. The other half of the policy should have the url category of social-networking. And when this is used by itself in a policy, it works great in both http and https. However put both together and access an https page and the browser app is ignored and typically shows ssl as the app. And the url category is not seen either. The question then is can I create a custom app signature that can identify the browser when using an https page. Is there a different context that I should use for https rather than the http-reg-headers option? Any thoughts and suggestions are welcomed. Darrell ... View more