https://live.paloaltonetworks.com/t5/general-topics/basic-question-regarding-policy/m-p/523173#M108357 <P>Just trying to understand the policy a bit more.</P> <P>under the policy |&nbsp; application, if I select FTP and select http/s under the service, I assume fw is expecting FTP to run on port 80/443?</P> <P>hence, if I select app default on services, it will then expect the ftp traffic on port 21?</P> <P>&nbsp;</P> <P>what I was looking into allow ftp/http/s. I end up creating 2 policies for this, 1. with http/s under services without applications selected</P> <P>2. application selected ftp and under services, I chose app default.</P> <P>I guess my thinking is ok?</P> <P>thank a lot</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 02 Dec 2022 20:28:59 GMT Shadow 2022-12-02T20:28:59Z https://live.paloaltonetworks.com/t5/general-topics/basic-question-regarding-policy/m-p/523173#M108357 <P>Just trying to understand the policy a bit more.</P> <P>under the policy |&nbsp; application, if I select FTP and select http/s under the service, I assume fw is expecting FTP to run on port 80/443?</P> <P>hence, if I select app default on services, it will then expect the ftp traffic on port 21?</P> <P>&nbsp;</P> <P>what I was looking into allow ftp/http/s. I end up creating 2 policies for this, 1. with http/s under services without applications selected</P> <P>2. application selected ftp and under services, I chose app default.</P> <P>I guess my thinking is ok?</P> <P>thank a lot</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 02 Dec 2022 20:28:59 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-question-regarding-policy/m-p/523173#M108357 Shadow 2022-12-02T20:28:59Z https://live.paloaltonetworks.com/t5/general-topics/basic-question-regarding-policy/m-p/523181#M108360 <P>Hello,</P> <P>You logic is sound with regards to the Applications and Services (ports). You can do it with two policies or with one:</P> <P>1. Select FTP as application and http/https as services ( this will allow the FTP application over ports 80,443), then second policy as FTP application and services as application default.</P> <P>2. Select FTP as the application, then http/https and port 21 as a service, ( cant recall if there is a 21 by default, so you might have to add it)</P> <P>&nbsp;</P> <P>Your choice.</P> <P>&nbsp;</P> Fri, 02 Dec 2022 20:56:04 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-question-regarding-policy/m-p/523181#M108360 OtakarKlier 2022-12-02T20:56:04Z https://live.paloaltonetworks.com/t5/general-topics/basic-question-regarding-policy/m-p/523334#M108385 <P>Thak you Otakarklier, can you also explain the relationship between "application &amp; Service/URL"</P> <P>if I select Application = &gt; "any" and select Service/URL =&gt; http/https, my traffic seems to drop to google or Facebook.</P> <P>if I add web-browsing under the application, this will not work either, only if I select addplication-default under Service/URL</P> <P>&nbsp;</P> <P>what I am trying to get done is to allow http/https from inside to outside. but it needs to be http/https using browser others get blocked</P> <P>any idea how to achieve this without using "any" in the rule set</P> <P>&nbsp;</P> <P>much appreciated</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 05 Dec 2022 18:57:09 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-question-regarding-policy/m-p/523334#M108385 Shadow 2022-12-05T18:57:09Z https://live.paloaltonetworks.com/t5/general-topics/basic-question-regarding-policy/m-p/523342#M108386 <P>Ignore the above pls, I just forgot to allow DNS <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 05 Dec 2022 20:43:58 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-question-regarding-policy/m-p/523342#M108386 Shadow 2022-12-05T20:43:58Z