topic Re: Applications On Non-Standard Ports in General Topics

Applications On Non-Standard Ports

MikeMeredith — Wed, 24 Feb 2016 11:50:05 GMT

It's perfectly possible I'm being unusually dumb here, but I can't see an elegant way of allowing application usage on non-standard ports - for example ssh on tcp/32777. The obvious way of doing it is to allow a rule that allows appid:ssh on service:ssh-ports (being a service group consisting of tcp/22 and tcp/32777).

That works fine, but is rather clumsy when you have a rule that has thousands of applications with service set to "application default" (you end up with dozens of rules to cope with all the non-standard ports).

I looked to see if you can change the 'application-default' for an application to add custom port numbers.

I've tried creating a custom application which is tcp/32777 and a parent application of 'ssh'. Doesn't seem to work.

Am I missing something obvious? Or am I not trying hard enough with the custom application rule?

Re: Applications On Non-Standard Ports

bmorris1 — Wed, 24 Feb 2016 12:05:09 GMT

Hi Mike,

I think the best thing to do in this situation, if you want to allow non-standard ports, is to create separate rules for them so you allow SSH & service tcp 32777. You can apply content-ID & user-ID to make sure the traffic isn't dodgy (as long as decryption is enabled for SSH) and lock down the users so that only the required people can use this port for SSH.

hope this helps!

Ben

Re: Applications On Non-Standard Ports

vkalal — Wed, 24 Feb 2016 15:14:57 GMT

> I agree with bmorris1 and I don't think you will be able to add the custom app as a part of application-default group

Re: Applications On Non-Standard Ports

MikeMeredith — Wed, 24 Feb 2016 16:02:00 GMT

Thanks.

That's pretty much the solution I've used. I just wanted to know if I was missing something obvious.