A firewall engineer reviews the PAN-OS GlobalProtect application and sees that it implicitly uses web-browsing and depends on SSL.
When creating a new rule, what is needed to allow the application to resolve dependencies?
A firewall engineer reviews the PAN-OS GlobalProtect application and sees that it implicitly uses web-browsing and depends on SSL.
When creating a new rule, what is needed to allow the application to resolve dependencies?
When creating a rule for the PAN-OS GlobalProtect application, it implicitly uses web-browsing but depends on SSL. This means that web-browsing will be allowed automatically as part of GlobalProtect and does not need to be explicitly included in the rule. However, SSL must be explicitly allowed because GlobalProtect depends on it for proper functioning. Therefore, the correct action is to add SSL to the same rule.
A. Tested this in the lab. SSL is the only additional app needed to be added. It appears in "depends on" when adding global protect to the rule. web-browsing doesnt need to be added because it's already implicitly allowed by allowing global protect.
Should be A: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/app-id/applications-with-implicit-support https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAK
Application that is implicitly allowed while using some other application means that it is used even if you don't explicitly allow it in the rule. In this example, web-browsing is implicitly used, meaning GlobalProtect will use it and it will be allowed even if you don't explicitly allow web-browsing. On the other hand, depends on means that whatever other app GlobalProtect depends on (not implicitly allowed) needs to be explicitly allowed by the administrator in order for GlobalProtect to work and not break.
So in this example, SSL is depends on type of app for GP and it needs to be added to the same rule.
https://applipedia.paloaltonetworks.com/ Search for different applications and their implicit and dependency on others Reference GlobalProtect Google Yahoo! Depends on Applications: ssl Implicit use Applications: web-browsing
B, because that's what I would do in the real world... allow services an app uses so it works.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAK
I think A is the answer https://live.paloaltonetworks.com/t5/blogs/what-is-application-dependency/ba-p/344330
Answer is A
I think it is D, Global Protect is implicitly allowing SSL already.
A, correct, based on the Live link you shared by mercysayno765. (i know this uses facebook as an example) Reason: >) 'Depends on' has the following applications listed: facebook-base, facebook-apps and facebook-chat. This means that in order for this to work, one or more of the these applications need to be allowed in the same rule. << Our answer, we need SSL in that same rule 'Implicitly Uses' has web-browsing listed. This means that if you allow facebook-posting, that it will also be allowing the web-browsing application implicitly.. In our case, we dont know which APP the question referes too but 'Implicitly means already uses HTTP.
This is by far the most confusing answer section ever created. The docs say that if you allow an app, some dependencies will be implicitly allowed. If you are making a brand new rule, you would need to allow web-browsing and allow SSL, C seems like the right answer.
C is implicitly allowed already. Answer is A
I meant to say web-browsing is implicitly allowed already.