https://live.paloaltonetworks.com/t5/general-topics/applications-not-being-identified-correctly/m-p/582662#M116513 <P>I spent several hours making a lot of changes but what i found that works is making sure that in your policy that "Service/URL Catagory" is setup to be any/any.&nbsp; the setting "Application Default" ends up blocking the initial connection to the patch servers from the battle.net app.</P> Thu, 04 Apr 2024 15:09:33 GMT NikGore 2024-04-04T15:09:33Z https://live.paloaltonetworks.com/t5/general-topics/applications-not-being-identified-correctly/m-p/40705#M29891 <HTML><HEAD></HEAD><BODY><P>I am running into a&nbsp; number of situations where the applications are not being identified correctly and thus not working.&nbsp; I can see that the applications is using the correct port, but the PA shows it is "web browsing", unknown, etc.&nbsp; Examples:</P><P></P><P>KaKaoTalk (ports 80 and 443) which is enabled, does not work</P><P>Guild Wars (6112, 6600 and 80) 6112 shows up as unknown-tcp, 6600</P><P>Battle.net (80 and 1119) port 1119 shows up as uknown-tcp and "web browsing".</P><P></P><P>Any suggestions on why?&nbsp; How can I got about fixing them?&nbsp; etc.</P><P></P><P>Thanks</P><P>Bob</P></BODY></HTML> Mon, 14 Jan 2013 01:13:00 GMT https://live.paloaltonetworks.com/t5/general-topics/applications-not-being-identified-correctly/m-p/40705#M29891 BobW 2013-01-14T01:13:00Z https://live.paloaltonetworks.com/t5/general-topics/applications-not-being-identified-correctly/m-p/40706#M29892 <HTML><HEAD></HEAD><BODY><P>Are any of these using SSL/HTTPS? And if so, did you enable SSL-termination (SSL-decrypt) in your PA box?</P></BODY></HTML> Mon, 14 Jan 2013 10:25:54 GMT https://live.paloaltonetworks.com/t5/general-topics/applications-not-being-identified-correctly/m-p/40706#M29892 mikand 2013-01-14T10:25:54Z https://live.paloaltonetworks.com/t5/general-topics/applications-not-being-identified-correctly/m-p/582662#M116513 <P>I spent several hours making a lot of changes but what i found that works is making sure that in your policy that "Service/URL Catagory" is setup to be any/any.&nbsp; the setting "Application Default" ends up blocking the initial connection to the patch servers from the battle.net app.</P> Thu, 04 Apr 2024 15:09:33 GMT https://live.paloaltonetworks.com/t5/general-topics/applications-not-being-identified-correctly/m-p/582662#M116513 NikGore 2024-04-04T15:09:33Z https://live.paloaltonetworks.com/t5/general-topics/applications-not-being-identified-correctly/m-p/582710#M116516 <P>Hello,</P> <P>This is where things get confusing and complicated. Lets take battle.net as an example.</P> <P>First go to&nbsp;<A href="https://applipedia.paloaltonetworks.com/" target="_blank">https://applipedia.paloaltonetworks.com/</A></P> <P>This lists all the applications the PAN knows etc.</P> <P>Search for battle.net and click on the name.</P> <P>&nbsp;</P> <P>Here is the important part to look for:</P> <P>"Depends on Applications" and "Standard Ports"</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OtakarKlier_0-1712264128496.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58846iDFC14E5D0BE11E1C/image-size/medium?v=v2&amp;px=400" role="button" title="OtakarKlier_0-1712264128496.png" alt="OtakarKlier_0-1712264128496.png" /></span></P> <P>&nbsp;</P> <P>So if we are just creating a policy to allow battle.net, it should look something like:</P> <P>Applications: battle.net, web-browsing, ssl (its not listed but maybe required due to port 443)</P> <P>Service: http, https, and might need to create a custom one for 1119.</P> <P>&nbsp;</P> <P>I hope this makes sense. Please let us know if you have additional follow up questions.</P> <P>&nbsp;</P> <P>Regards,</P> <P>&nbsp;</P> Thu, 04 Apr 2024 20:57:36 GMT https://live.paloaltonetworks.com/t5/general-topics/applications-not-being-identified-correctly/m-p/582710#M116516 OtakarKlier 2024-04-04T20:57:36Z https://live.paloaltonetworks.com/t5/general-topics/applications-not-being-identified-correctly/m-p/582726#M116518 <P>If love it that worked alone but there are some initial p2p connections that aren't categorized as such.&nbsp; I went so far as to put the machine in a dmz with a policy allowing everything and still didn't work until I changed application-default to "any" and then the connections to the installer patch server were no problem.</P> <P>&nbsp;</P> <P>I believe this is an issue with the battle net installer and not with the firewall but workarounds are there for us poor unfortunate souls who have to deal with this stuff.</P> <P>&nbsp;</P> <P>I couldn't find anywhere in the logs that would point me to this change, I was just turning off security policy items one by one till it worked.</P> Thu, 04 Apr 2024 22:42:46 GMT https://live.paloaltonetworks.com/t5/general-topics/applications-not-being-identified-correctly/m-p/582726#M116518 NikGore 2024-04-04T22:42:46Z