topic LDAPS TCP-636 shows as SSL in General Topics https://live.paloaltonetworks.com/t5/general-topics/ldaps-tcp-636-shows-as-ssl/m-p/19590#M14311 <HTML><HEAD></HEAD><BODY><P>Im creating a rule base to limit port access to a Domain Controller in a DMZ. I want to allow TCP/636 (or LDAPS) to this server as well as a group of other applications.</P><P></P><P>The only problem is that there is no LDAPS application defined. The application LDAP is defined as TCP/389 as it should be. LDAP also has TCP/636 defined but the PA does not identify TCP636 as LDAP traffic. I even created a new application LDAPS as TCP636 but the PA only recognizes it as application SSL over TCP/636. That would be fine but I dont want to create a new rule for a Service Object, I want to include it in the applications group. Nor do I want to allow all SSL to the domain controller. </P><P></P><P>Any thoughts ? Thanks,</P><P><BR />Justin</P></BODY></HTML> Mon, 01 Apr 2013 17:42:07 GMT jhickey 2013-04-01T17:42:07Z LDAPS TCP-636 shows as SSL https://live.paloaltonetworks.com/t5/general-topics/ldaps-tcp-636-shows-as-ssl/m-p/19590#M14311 <HTML><HEAD></HEAD><BODY><P>Im creating a rule base to limit port access to a Domain Controller in a DMZ. I want to allow TCP/636 (or LDAPS) to this server as well as a group of other applications.</P><P></P><P>The only problem is that there is no LDAPS application defined. The application LDAP is defined as TCP/389 as it should be. LDAP also has TCP/636 defined but the PA does not identify TCP636 as LDAP traffic. I even created a new application LDAPS as TCP636 but the PA only recognizes it as application SSL over TCP/636. That would be fine but I dont want to create a new rule for a Service Object, I want to include it in the applications group. Nor do I want to allow all SSL to the domain controller. </P><P></P><P>Any thoughts ? Thanks,</P><P><BR />Justin</P></BODY></HTML> Mon, 01 Apr 2013 17:42:07 GMT https://live.paloaltonetworks.com/t5/general-topics/ldaps-tcp-636-shows-as-ssl/m-p/19590#M14311 jhickey 2013-04-01T17:42:07Z Re: LDAPS TCP-636 shows as SSL https://live.paloaltonetworks.com/t5/general-topics/ldaps-tcp-636-shows-as-ssl/m-p/19591#M14312 <HTML><HEAD></HEAD><BODY><P>LDAPS is SSL.</P><P></P><P>Or rather LDAP within SSL-tunnel.</P><P></P><P>In order to make your PA to identify this properly you need to enable SSL-termination (SSL-decrypt).</P></BODY></HTML> Mon, 01 Apr 2013 20:31:37 GMT https://live.paloaltonetworks.com/t5/general-topics/ldaps-tcp-636-shows-as-ssl/m-p/19591#M14312 mikand 2013-04-01T20:31:37Z