https://live.paloaltonetworks.com/t5/general-topics/settings-for-getting-hyper-v-working-in-pan/m-p/18602#M13573 <HTML><HEAD></HEAD><BODY><P>Thanks for following up on this one, I'm sure it will help other folks who are in a Hyper-V environment</P></BODY></HTML> Thu, 31 Jan 2013 18:06:33 GMT ericgearhart 2013-01-31T18:06:33Z https://live.paloaltonetworks.com/t5/general-topics/settings-for-getting-hyper-v-working-in-pan/m-p/18600#M13571 <HTML><HEAD></HEAD><BODY><P>setupHello,</P><P></P><P>I have been struggling with this all day, and I think I have it narrowed down, but can't seem to nail it down yet.</P><P></P><P>I have a test Hyper-V 2012 server in the data center, and all my services are working properly, except being able to connect to the VM's via Virtual Machine Connection. It uses TCP Port 2179 and is basically RDP, just running on this port instead of 3389. I have everything else working properly, but for some reason, when I either add a service with this port, it breaks MSRPC application, and if I add the tcp port to an application object, it still doesn't work. Looking at the logs and the pcaps, the firewall is doing what it is supposed to and dropping them, but it shouldn't be if I have the rules setup.</P><P></P><P>After spending 8 hours searching Google, Bing, Yahoo, Ask, and countless other search engines, including here, I have found not a single person or organization that is running Hyper-V behind a Palo Alto Firewall.</P><P>Any direction as to how to setup the Application or the Service to get this working would be great. Currently I have this server doing an allow all from both zones, so basically this server is not being protected by my firewall at all.</P><P></P><P>Any help would be greatly appreciated.</P><P></P><P>Thanks,</P><P>Lucas Williams</P></BODY></HTML> Thu, 31 Jan 2013 00:19:10 GMT https://live.paloaltonetworks.com/t5/general-topics/settings-for-getting-hyper-v-working-in-pan/m-p/18600#M13571 lwilliams415 2013-01-31T00:19:10Z https://live.paloaltonetworks.com/t5/general-topics/settings-for-getting-hyper-v-working-in-pan/m-p/18601#M13572 <HTML><HEAD></HEAD><BODY><P>I figured it out. I ended up moving away from the App-ID way and going with services. I just looked at the network flow and seen what ports were being called and created services for each port and then put them into a Service Group and applied it to my Hyper-V rule and now everything is working.</P></BODY></HTML> Thu, 31 Jan 2013 17:10:03 GMT https://live.paloaltonetworks.com/t5/general-topics/settings-for-getting-hyper-v-working-in-pan/m-p/18601#M13572 lwilliams415 2013-01-31T17:10:03Z https://live.paloaltonetworks.com/t5/general-topics/settings-for-getting-hyper-v-working-in-pan/m-p/18602#M13573 <HTML><HEAD></HEAD><BODY><P>Thanks for following up on this one, I'm sure it will help other folks who are in a Hyper-V environment</P></BODY></HTML> Thu, 31 Jan 2013 18:06:33 GMT https://live.paloaltonetworks.com/t5/general-topics/settings-for-getting-hyper-v-working-in-pan/m-p/18602#M13573 ericgearhart 2013-01-31T18:06:33Z https://live.paloaltonetworks.com/t5/general-topics/settings-for-getting-hyper-v-working-in-pan/m-p/18603#M13574 <HTML><HEAD></HEAD><BODY><P>Do be more specific what I did:</P><OL><LI>I created the following Services with these ports<OL><LI>ms-rpc: tcp/135,49154</LI><LI>ms-ds-smb-tcp: tcp/445,139</LI><LI>ms-ds-smb-udp: udp/445</LI><LI>hyper-v-rdp: tcp/2179</LI></OL></LI><LI>I then created a Service Group called Hyper-V-SVG and added those services to it.</LI><LI>I applied this service group to my Hyper-V server rule Allowing it and everything worked!</LI></OL></BODY></HTML> Thu, 31 Jan 2013 19:40:42 GMT https://live.paloaltonetworks.com/t5/general-topics/settings-for-getting-hyper-v-working-in-pan/m-p/18603#M13574 lwilliams415 2013-01-31T19:40:42Z