This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About BruceBennett
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About BruceBennett
01-31-2023
36Posts
16Likes
2Solutions
Jan 31, 2023Last Visited
User
Activity
User
Profile
Latest posts by BruceBennett
| Subject | Views | Posted |
|---|---|---|
| 407 | 09-07-2022 08:00 PM | |
| 570 | 08-31-2022 03:34 PM | |
| 2400 | 12-02-2021 06:46 AM | |
| 1141 | 01-08-2021 05:55 AM | |
| 1810 | 04-17-2020 07:28 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 11-26-2019 06:16 PM | |
| 1 Like | 10-15-2019 02:53 PM | |
| 1 Like | 12-01-2019 06:35 PM | |
| 5 Likes | 10-31-2019 05:48 AM | |
| 1 Like | 12-02-2019 06:07 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 5 Likes | |||
| 2 Likes | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 05-27-2016 12:32 PM |
| Date Last Visited | 01-31-2023 08:24 AM |
| Posts | 36 |
| Total Likes Received | 16 |
09-07-2022
08:00 PM
@BPry & @OtakarKlier I agree completely, thank you for the replies.
All of the users are internal to the company, we are just trying to restrict the access based on the different locations they are in on the network. The inside and outside references are to a secure vlan (inside) and normal user (outside). The different URI locations are for transferring files in and out of the secure environment.
I think I would have ended up with a novel trying to explain that without your statement referring to the inbound URL filtering. I had not even thought of it as inbound filtering, I was looking at it all from the users side. The only thing that is causing me issues, right now, is trying to block access to the rest of the site and only allowing access to the specific URIs.
... View more
08-31-2022
03:34 PM
I have read through a number of URL category issues, but I just cannot find something like this and I am baffled so far. I have two users, inside and outside, that access a certain internal webserver. What I am trying to do is the following.
outside:
allow: a.b.com/sites/outside and a.b.com/sites/common
block: a.b.com (the rest of the site)
inside:
allow: a.b.com (the rest of the site), including a.b.com/sites/inside and a.b.com/sites/common (I know they are part of the shorter domain entry)
block: a.b.com/sites/outside
Every time I add the root of the site to the custom categories it messes everything else up that is in place and outside is blocked to everything and inside is allowed access to a.b.com/sites/outside. It is like adding in the root overrides everything and the more detailed entries are ignored.
Where I am right now: I am blocking all other categories as they are not necessary as this is pointing to an inside server. I have four custom categories that I am trying in various combinations to resolve this.
cat-outside (a.b.com/sites/outside)
cat-inside (a.b.com/sites/inside)
cat-common (a.b.com/sites/common)
cat-site (a.b.com)
When I delete cat-site, I am getting a good block and allow for the extended URI entries and both users can also access the root, a.b.com/. When I add in a block for outside for the cat-site, outside loses access to common and outside. It appears that cat-site is overriding the other custom categories. Same experience for inside, I add cat-site allow, and it now has access to outside.
Is there anyway to prioritize the category with more descriptive entries over the more generic?
... View more
12-02-2021
06:46 AM
I was able to update the post and it now refers to your post.
... View more
01-08-2021
05:55 AM
We did something similar when we were waiting on a new device to be delivered. You should not have any issues with differentiating the traffic. On ours, the zones are assigned to the tunnel interface for each of the tunnels and a different zone applied to the user VPN compared to the IPSec tunnels. It really is not much different than having multiple tunnels to sites that you want different rules for each tunnel. That is a very simple answer, but when we did it, it really was not complicated at all. 1) Yes. 2) Not sure if there is a term for it. 3) It does not require a different license than the GlobalProtect license, and that might not be required depending on how you are using GP. Good luck, Bruce.
... View more
04-17-2020
07:28 AM
If you see it as an application in your traffic monitoring, then you should be able to create a rule, specifically blocking that application before your allow rule. I had to do the same thing with Webdav and Sharepoint in a recent implementation. If the traffic is only showing up as SSL traffic, then I do not think you can specifically block a program/application. Also, since it is SSL type traffic, you will need to do SSL decryption for that traffic before it would be identified as an application other than SSL. Not to go too far on this response, but if it is not a standard application and you are doing SSL decryption, you may be able to create your own custom application that is specific to that WINSCP traffic and block the traffic as described above. Sorry, I do not know much about WINSCP.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-31-2023
08:24 AM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks