Hello Friends, Please Comment what you have learnt from this video. Share, Support, Subscribe!!! Patron : www.patreon.com/Bikashtech Subscribe: bit.ly/3eFwHiy KZbin: kzbin.info Twitter: twitter.com/Bikashshaw82 Facebook: facebook.com/people/Bikash-Kumar-Shaw/100003333695682 Instagram: instagram.com/bikashtech/

At 17:18, the DNS traffic was allowed. As DNS is is UDP (in most cases) there's no FIN thus I suspect that is why it was aged-out. The "in-Out" policy to start with is wide open as long as the app is using default ports that traffic was good to go. Once you updated it to support only facebook, yup that killed any traffic other than facebook. The demo you were showing that DNS traffic should have landed on the interzone-default and thus that is where it would have been denied (not that it was aged out). Yes, adding DNS back to the appid and using application default fixed it. Keep your demo's up!

Great Bro you tought us in simple way

Excellent💐

Great video to understand APP-ID of PA

Nice video dear, I want to know about custom app ID filtering.. how to block get, and post base requests for private app which are not included in Palo Alto app id.

Can you please upload a troubleshooting video

Bikash, how do you install pa-vm on eve-ng?

Excellent keep doing

Hi bro, APP-ID can block facebook-chat,facebook-video and etc. How does App-id knew these traffic is chat traffic, video traffic. In SSL/TLS , a connection between client and server is secured(encrypted) ?. How firewall can know if the traffice is secured ? ....

Can u please help me to sort out my query: We currently do not do traffic decryption on the firewall for deep packet inspection. Can we safely consider converting eligible rules to application based rules even though we don't do any traffic decryption on the perimeter firewall? My concern is that since we don't decrypt traffic on the perimeter firewall we will not be able to accurately identify application traffic.

brillant.....can u share some interview Q&A for PA FW ?

please make one video for packet flow

Very good sir..

Could you please explain how to block&unblock subtabs like facebook-chat. I did understand how the PA identify it, however I could see the way to block subtabs... thank you for your help

Hellow sir nice video Sir last me aapne solution nhi bataya. Please sir answer

When come migration Checkpoint to Paloalto

Awesome

PA can block the tls traffic based on SNI in client hello packet or Common name field in certificate exchanged in server hello packet in case sni is not supported by web server.So my question is facebook is allowed and is encrypted .But if anyone try to access facebook chat ,since application data is fully encrypted so how firewall can know without ssl decryption just on sni or cn field ?

Can you make it hindi.

How to create custom app id

How can I block mobile Facebook application in PA220

What is the difference between FQDN and URL