https://live.paloaltonetworks.com/t5/general-topics/webbrowsing-on-non-standard-http-ports/m-p/19646#M14347 <HTML><HEAD></HEAD><BODY><P>What is the best way for me to implement a rule that allows http traffic over non standard ports?</P><P></P><P>Our security standards require that we use a feature similar to what is available in Checkpoint that allows us to lock the port down based on protocol. Ex: port 55000 is open and allowed assuming the traffic is http or https.</P><P></P><P>Any help would be appreciated.</P></BODY></HTML> Wed, 28 Aug 2013 20:56:29 GMT smccall 2013-08-28T20:56:29Z https://live.paloaltonetworks.com/t5/general-topics/webbrowsing-on-non-standard-http-ports/m-p/19646#M14347 <HTML><HEAD></HEAD><BODY><P>What is the best way for me to implement a rule that allows http traffic over non standard ports?</P><P></P><P>Our security standards require that we use a feature similar to what is available in Checkpoint that allows us to lock the port down based on protocol. Ex: port 55000 is open and allowed assuming the traffic is http or https.</P><P></P><P>Any help would be appreciated.</P></BODY></HTML> Wed, 28 Aug 2013 20:56:29 GMT https://live.paloaltonetworks.com/t5/general-topics/webbrowsing-on-non-standard-http-ports/m-p/19646#M14347 smccall 2013-08-28T20:56:29Z https://live.paloaltonetworks.com/t5/general-topics/webbrowsing-on-non-standard-http-ports/m-p/19647#M14348 <HTML><HEAD></HEAD><BODY><P>When creating security rules, in the Application section configure: Web Browsing but in the Service section refer to the ports you are interested in allowing.</P><P>You may have to create a custom service and allow these non standard ports and then call that custom service in the security rule (where it says service). That way when traffic is checked against the security rule, you'd have web browsing AND the port (allowed via service) and only if the two web browsing on that non standard port match, will the traffic be allowed</P><P></P><P></P><P>So e.g.&nbsp; your service would look like</P><P></P><P><IMG alt="services.PNG.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/7979_services.PNG.png" style="width: 620px; height: 65px;" /></P><P></P><P>Where service-http goes to 80 and 8080</P><P></P><P>and the security policy would be:</P><P></P><P><IMG alt="security.PNG.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/7980_security.PNG.png" style="width: 620px; height: 9px;" /></P></BODY></HTML> Wed, 28 Aug 2013 21:22:08 GMT https://live.paloaltonetworks.com/t5/general-topics/webbrowsing-on-non-standard-http-ports/m-p/19647#M14348 sjamaluddin 2013-08-28T21:22:08Z https://live.paloaltonetworks.com/t5/general-topics/webbrowsing-on-non-standard-http-ports/m-p/19648#M14349 <HTML><HEAD></HEAD><BODY><P>I would suggest you to set the application as any and service port as the non-standard port that you use. Once the traffic traverses the firewall the application would show up and then you can modify the rule to incorporate it.</P></BODY></HTML> Wed, 28 Aug 2013 21:23:21 GMT https://live.paloaltonetworks.com/t5/general-topics/webbrowsing-on-non-standard-http-ports/m-p/19648#M14349 sraghunandan 2013-08-28T21:23:21Z https://live.paloaltonetworks.com/t5/general-topics/webbrowsing-on-non-standard-http-ports/m-p/19649#M14350 <HTML><HEAD></HEAD><BODY><P>I goofed around a bit and figured this was the way to do it, but thank you very much for the response.</P><P>Nice to have someone confirm my thoughts.</P></BODY></HTML> Thu, 29 Aug 2013 14:21:23 GMT https://live.paloaltonetworks.com/t5/general-topics/webbrowsing-on-non-standard-http-ports/m-p/19649#M14350 smccall 2013-08-29T14:21:23Z