https://live.paloaltonetworks.com/t5/next-generation-firewall/next-gen-features-on-port-based-rules/m-p/379480#M133 <P>Anyone please ?</P> Wed, 13 Jan 2021 10:52:11 GMT FWPalolearner 2021-01-13T10:52:11Z https://live.paloaltonetworks.com/t5/next-generation-firewall/next-gen-features-on-port-based-rules/m-p/379451#M132 <P>Hello ,</P> <P>&nbsp;</P> <P>We are in process on migrating port based rules to APP -ID but as it is time taking process , it may take us sometime .</P> <P>&nbsp;</P> <P>Can we still enable Security profiles like AV, Antispyware , Vul Protection , Wildfire&nbsp; , Data Blocking ; URL filtering on Port based rules ?</P> <P>&nbsp;</P> <P>Or is there a preq to have APP ID for these features ?</P> <P>&nbsp;</P> <P>we want to start applying Security profiles with less restrictive actions , observe and then take strict actions like reset or block</P> <P>&nbsp;</P> <P>Kindly reply .</P> <P>&nbsp;</P> <P>Thanks</P> Fri, 04 Jun 2021 03:07:32 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/next-gen-features-on-port-based-rules/m-p/379451#M132 FWPalolearner 2021-06-04T03:07:32Z https://live.paloaltonetworks.com/t5/next-generation-firewall/next-gen-features-on-port-based-rules/m-p/379480#M133 <P>Anyone please ?</P> Wed, 13 Jan 2021 10:52:11 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/next-gen-features-on-port-based-rules/m-p/379480#M133 FWPalolearner 2021-01-13T10:52:11Z https://live.paloaltonetworks.com/t5/next-generation-firewall/next-gen-features-on-port-based-rules/m-p/379537#M134 <P>hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/133520">@FWPalolearner</a>&nbsp;</P><P>&nbsp;</P><P>yes absolutely you can enable all the security profiles on your port based rules</P><P>the content engines are smart enough to detect for themselves which protocols they can and will scan so they can be applied to anything from any any to fully set app + app-default rules and will function as expected</P><P>&nbsp;</P><P>there is no concept of 'overscanning' like some legacy firewalls (eg. smtp signatures will not be matched if the content engine detects http) so it is perfectly safe to enable _everything_ on all rules even if there are no applications</P><P>&nbsp;</P><P>hope this helps</P><P>&nbsp;</P> Wed, 13 Jan 2021 13:11:29 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/next-gen-features-on-port-based-rules/m-p/379537#M134 reaper 2021-01-13T13:11:29Z https://live.paloaltonetworks.com/t5/next-generation-firewall/next-gen-features-on-port-based-rules/m-p/379558#M135 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>&nbsp;Thanks a lot , really appreciate&nbsp;</P> Wed, 13 Jan 2021 13:54:03 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/next-gen-features-on-port-based-rules/m-p/379558#M135 FWPalolearner 2021-01-13T13:54:03Z