Yahoo 2520mail

[Caterina Haggins]

None of the above works unless Decryption is enabled on the Palo. Basically they can go to Yahoo.com and click on the mail icon and get there. Unfortunately I can't block the login screen becuase they need for other parts of Yahoo (ie Yahoo finance). Any recommendations would be appreciated. Unfortunately the customer doesn't want to enable Decryption.

If you can grab a test client and associated a url-filtering profile that has everything set to alert, you should be able to see exactly what the firewall is seeing as far as what URL clients are visiting. You should be able to use those logs to build out a block at that point, or confirm that you won't be able to block it without affecting access to the other Yahoo services that they need.

Taking a brief glance at unencrypted traffic matching mail.yahoo.com, looks like you should be able to block this with what you have. Ensure that your deny rule also accounts for the traffic being identified as yahoo-mail and not just ssl/web-browsing.

I did find all of the websites it was reaching out to (screen shot is below). I did put all of those websites in the URL filtering profile as a block (added them with wildcards and Carets as well). When I log in to Yahoo, I can still get to the Mailbox (screen shot of that below as well). The only way I that is blocked is if I enable Decryption on the firewall. I have denied traffic to all yahoo mail bases on any service through a policy and the mail link in the screen shot below still goes to my mailbox.

c80f0f1006