About krhayes

Hello, I recently got a request asking how often people at our institution search via Bing.  I could not find any existing application that does this, so I thought this would be a great exercise to create an app, however my creations is not getting triggered at all. I created an application based on the following criteria: HTTP Method: GET HTTP hostname: www.bing.com HTTP URI content: "search?" I believe that I made this correctly after following the documentation, and the configuration from the CLI is shown below for my app. HOWEVER, it never seems to fire properly when I search for anything on Bing. All I did was to define this app; I did not change any policies. I currently have outbound policies that permit all traffic. Any idea what I am doing wrong? bing {   signature {   Bing-Search {   and-condition {   "And Condition 1" {   or-condition {   "Or Condition 1" {   operator {   pattern-match {   qualifier {   http-method {   value GET;   }   }   pattern www\.bing\.com;   context http-req-host-header;   }   }   }   }   }   "And Condition 2" {   or-condition {   "Or Condition 1" {   operator {   pattern-match {   qualifier {   http-method {   value GET;   }   }   pattern search\?;   context http-req-uri-path;   }   }   }   }   }   }   scope protocol-data-unit;   order-free no;   }   }   subcategory internet-utility;   category general-internet;   technology browser-based;   risk 3;   evasive-behavior no;   consume-big-bandwidth no;   used-by-malware no;   able-to-transfer-file no;   has-known-vulnerability no;   tunnel-other-application no;   tunnel-applications no;   prone-to-misuse no;   pervasive-use no;   file-type-ident no;   virus-ident no;   spyware-ident no;   data-ident yes;   parent-app web-browsing;   }   } ... View more

Hello, I am looking to build a particular security policy where *all* web browsing is permitted, including any applications that the session gets transitioned to as a a result of App-ID figuring it out.  For example, a session may start out as a "web-browsing" application but then turn into a "google-maps" application as App-ID figures out what the user is trying to do.  I would like to permit *anything* that begins it's life as web-browsing...is there a way to do this with Application groups/filters, or do I have to bite the bullet, mark the application in my security policy as "Any", and set the service field of the policy to "service-http" and "service-https"? My search-fu is not as honed this morning, so I apologize if this has already been answered.  Thanks in advance! ... View more