This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

About GMTPaul

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GMTPaul
‎03-15-2023
since ‎06-23-2017
L1 Bithead
User Activity
User Profile
Latest posts by GMTPaul
View All
User Badges
Community Statistics
Member Since ‎06-23-2017 01:04 PM
Date Last Visited ‎03-15-2023 03:24 PM
Posts 4

Re: application any not actually "any"

by in General Topics
‎06-29-2021 01:42 PM
‎06-29-2021 01:42 PM
I'm on the latest AV and threat definitions, I believe: AV: 3762-4273 Threat: 8422-6787   The URL filtering is just a curiosity - I really don't care if anyone uses imap to read yahoo mail, I was just surprised to see it pop up after enabling the gmail application. ... View more

Re: application any not actually "any"

by in General Topics
‎06-29-2021 11:41 AM
‎06-29-2021 11:41 AM
Unfortunately that's not the case.  With the gmail-base policy enabled IMAP in Outlook works and, for example:   C:\Program Files\Git\usr\bin>openssl.exe s_client -connect imap.gmail.com:993 CONNECTED(00000004) depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign verify return:1 depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1 verify return:1 depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = imap.gmail.com verify return:1 --- Certificate chain 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = imap.gmail.com i:C = US, O = Google Trust Services, CN = GTS CA 1O1 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1 i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign --- Server certificate -----BEGIN CERTIFICATE----- MIIExjCCA66gAwIBAgIQPWEmwAUPba0FAAAAAIfqPjANBgkqhkiG9w0BAQsFADBC MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMw EQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIxMDYwNzAzMDUwNloXDTIxMDgzMDAzMDUw NVowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFzAVBgNVBAMTDmlt etc..... With the gmail-base policy disabled IMAP in Outlook fails and: C:\Program Files\Git\usr\bin>openssl.exe s_client -connect imap.gmail.com:993 CONNECTED(00000004) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 316 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- Enable the policy and it's working again.   I went through and instead of taking a bunch of screenshots, here are the two policies: inside to outside policy: source: inside any user: any any destination: outside any application: any service/url: application-default any actions: allow, various profile lists allow gmail imap etc policy: source: inside any user: any any destination: outside any application: gmail-base service/url: application-default any actions: allow, various profile lists (identical to other policy)  I don't understand why adding a more restrictive policy allows an application to work. ... View more

application any not actually "any"

by in General Topics
‎06-29-2021 09:54 AM
‎06-29-2021 09:54 AM
  I have a simple virtual wire installation here, just testing policies.  I have a policy that is: source: inside destination: outside application: any service: application default   I attempted to connect to gmail through Outlook with IMAP and was being blocked.  Logs showed application of "insufficient-data" and "incomplete" with session end reason "tcp-rst-from-server".   I then created another near-identical policy with the only difference being application is "gmail-base".  I placed it above the original (see screenshot)   With this new policy added I am able to connect to gmail through Outlook with IMAP. The policies are otherwise identical. I'm now seeing application "gmail-base" and "yahoo-mail-base" in the traffic logs. If I disable the gmail-base policy I can no longer connect to any IMAP server over port 993. I can connect to both imap.gmail.com and imap.mail.yahoo.com with the openssl client: openssl.exe s_client -connect imap.mail.yahoo.com:993 with the policy enabled.   I then made a URL Category object containing imap.gmail.com and smtp.gmail.com and added it to the service/category page on the policy that had gmail-base but was still able to connect to imap.mail.yahoo.com with the openssl client.   So, I guess I have two questions:   Why does application:any not allow IMAP but application:gmail-base does allow it? Shouldn't the URL Category object containing only gmail domains prevent me from connecting to imap.mail.yahoo.com?     edited to add that this is a PA-220 running 8.1.13 ... View more

Re: Action on a vulnerabilty found in a SMTP flow

by in General Topics
‎04-28-2021 11:45 AM
‎04-28-2021 11:45 AM
I've just come across this very issue.  Kind of a pain.  Any update on the feature request? ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎03-15-2023 03:24 PM
Latest Tags
No tags yet
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks