https://live.paloaltonetworks.com/t5/general-topics/standard-ports-on-applications/m-p/5089#M3738 <HTML><HEAD></HEAD><BODY><P>Thank you. <SPAN style="font-family: 'Calibri','sans-serif'; font-size: 11pt; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: 'Times New Roman'; mso-bidi-theme-font: minor-bidi; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA;">I will implement something along this line whena get a window to test it.</SPAN></P></BODY></HTML> Mon, 21 Jan 2013 16:44:49 GMT murphyj 2013-01-21T16:44:49Z https://live.paloaltonetworks.com/t5/general-topics/standard-ports-on-applications/m-p/5087#M3736 <HTML><HEAD></HEAD><BODY><P>I was wondering if anyone knew away to add a secondary default<BR />port on an application. For example people in my company access web-browsing on<BR />port 80 normally but there are a number of site that people have to use that<BR />are based on port 8080. Is there a way to add more default ports so I do not<BR />have to create more firewall rules than necessary?&nbsp; Thanks for your time.</P></BODY></HTML> Wed, 16 Jan 2013 21:41:48 GMT https://live.paloaltonetworks.com/t5/general-topics/standard-ports-on-applications/m-p/5087#M3736 murphyj 2013-01-16T21:41:48Z https://live.paloaltonetworks.com/t5/general-topics/standard-ports-on-applications/m-p/5088#M3737 <HTML><HEAD></HEAD><BODY><P>"default-application" is hardcoded in the application-db.</P><P></P><P>You can however setup your own service-group which contains both TCP80 and TCP8080.</P><P></P><P>A problem with that might be if you in the same rule allow (or deny) more than one application.</P><P></P><P>For example:</P><P></P><P>appid: smtp, ssh</P><P>service: application-default</P><P></P><P>would mean that smtp would only be allowed on its default-port(s) (TCP25) while ssh would be allowed on its default-port(s) (TCP22).</P><P></P><P>Compared to if you have:</P><P></P><P>appid: smtp, ssh</P><P>service: test-service (containing TCP25, TCP22)</P><P></P><P>which would allow SMTP on both TCP25 and TCP22 and SSH on both TCP25 and TCP22.</P><P></P><P>A workaround for the above is of course to have one rule for smtp and another one for ssh and if you are not happy with application-default manually specify which port(s) should be allowed for each rule.</P><P></P><P>I think a workaround in your case might be if you create a custom-appid (name it custom-web-browsing or so) which is (in your case) based on "web-browsing" but where you for application-default type both TCP80 and TCP8080.</P><P></P><P>However im not sure if this custom-app will be detected before or after the built-in appid.</P></BODY></HTML> Thu, 17 Jan 2013 06:24:20 GMT https://live.paloaltonetworks.com/t5/general-topics/standard-ports-on-applications/m-p/5088#M3737 mikand 2013-01-17T06:24:20Z https://live.paloaltonetworks.com/t5/general-topics/standard-ports-on-applications/m-p/5089#M3738 <HTML><HEAD></HEAD><BODY><P>Thank you. <SPAN style="font-family: 'Calibri','sans-serif'; font-size: 11pt; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: 'Times New Roman'; mso-bidi-theme-font: minor-bidi; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA;">I will implement something along this line whena get a window to test it.</SPAN></P></BODY></HTML> Mon, 21 Jan 2013 16:44:49 GMT https://live.paloaltonetworks.com/t5/general-topics/standard-ports-on-applications/m-p/5089#M3738 murphyj 2013-01-21T16:44:49Z https://live.paloaltonetworks.com/t5/general-topics/standard-ports-on-applications/m-p/5090#M3739 <HTML><HEAD></HEAD><BODY><P>Do you know if I can copy or reference a predefined appid into a new custom-named one with other default ports? Or do I have to build all custom appids completely from scratch?</P></BODY></HTML> Fri, 27 Mar 2015 13:25:16 GMT https://live.paloaltonetworks.com/t5/general-topics/standard-ports-on-applications/m-p/5090#M3739 tsvaps001 2015-03-27T13:25:16Z