https://live.paloaltonetworks.com/t5/general-topics/layer-7-protection-with-custom-service-port/m-p/1311#M1012 <HTML><HEAD></HEAD><BODY><P>I'm having a discussion with my firewall engineer about rules in the PA5020.&nbsp; If I define an application to be used, say SSL, and I want to run that on a random port, say 8443.&nbsp; When I define that port (service) 8443 and choose the Application 'ssl', does that rule say that I can run SSL over port 8443 OR does that rule say I can run any application over 8443?</P><P></P><P>It seems to me that it would be i can run SSL over 8443 and ONLY SSL.&nbsp; If it was mutually exclusive wouldnt PA just grey out the application selection when a custom port was chosen?</P><P></P><P>Thanks for clearing up this disagreement.&nbsp; <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Wed, 15 May 2013 18:41:29 GMT cgolden07 2013-05-15T18:41:29Z https://live.paloaltonetworks.com/t5/general-topics/layer-7-protection-with-custom-service-port/m-p/1311#M1012 <HTML><HEAD></HEAD><BODY><P>I'm having a discussion with my firewall engineer about rules in the PA5020.&nbsp; If I define an application to be used, say SSL, and I want to run that on a random port, say 8443.&nbsp; When I define that port (service) 8443 and choose the Application 'ssl', does that rule say that I can run SSL over port 8443 OR does that rule say I can run any application over 8443?</P><P></P><P>It seems to me that it would be i can run SSL over 8443 and ONLY SSL.&nbsp; If it was mutually exclusive wouldnt PA just grey out the application selection when a custom port was chosen?</P><P></P><P>Thanks for clearing up this disagreement.&nbsp; <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Wed, 15 May 2013 18:41:29 GMT https://live.paloaltonetworks.com/t5/general-topics/layer-7-protection-with-custom-service-port/m-p/1311#M1012 cgolden07 2013-05-15T18:41:29Z https://live.paloaltonetworks.com/t5/general-topics/layer-7-protection-with-custom-service-port/m-p/1312#M1013 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote" modifiedtitle="true"> <P>cgolden07 wrote:</P> <P></P> <P>I'm having a discussion with my firewall engineer about rules in the PA5020.&nbsp; If I define an application to be used, say SSL, and I want to run that on a random port, say 8443.&nbsp; When I define that port (service) 8443 and choose the Application 'ssl', does that rule say that I can run SSL over port 8443 OR does that rule say I can run any application over 8443?</P> <P></P> </PRE><P></P><P>The above quote has been my experience with PA... when you define a specific App-ID and a specific port, that means that App-ID can only run on that specific port instead of "application default"</P></BODY></HTML> Wed, 15 May 2013 20:41:28 GMT https://live.paloaltonetworks.com/t5/general-topics/layer-7-protection-with-custom-service-port/m-p/1312#M1013 ericgearhart 2013-05-15T20:41:28Z https://live.paloaltonetworks.com/t5/general-topics/layer-7-protection-with-custom-service-port/m-p/1313#M1014 <HTML><HEAD></HEAD><BODY><P>Application and service ports have an 'AND' operation - in your case traffic which is ssl over port 8443(only) will be allowed.</P></BODY></HTML> Wed, 15 May 2013 23:50:31 GMT https://live.paloaltonetworks.com/t5/general-topics/layer-7-protection-with-custom-service-port/m-p/1313#M1014 zarina 2013-05-15T23:50:31Z