https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120826#M45991 <P>Actually what I mean some application uses dynamic ports. In this case, I need to make service any? there is any ALG concept on Palo Alto?</P> Mon, 24 Oct 2016 14:55:35 GMT ghostrider 2016-10-24T14:55:35Z https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120753#M45975 <P>Hello Experts</P><P>&nbsp;</P><P>Is it OK to to put application specific and port any in the security policy, specially if ports are dynamic like SQL DB?</P><P>&nbsp;</P><P>Regards,</P><P>&nbsp;</P><P>GR</P> Mon, 24 Oct 2016 11:29:36 GMT https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120753#M45975 ghostrider 2016-10-24T11:29:36Z https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120795#M45982 <P>Hi Ghostrider,</P><P>&nbsp;</P><P>That completely depends on what your buisness requirements are. If you are using MS-SQL then the standard ports are&nbsp;tcp/1433, udp/1433. MySQL is&nbsp; tcp/3306. Check which data base you are using and what ports it is configured to use. Ideally you would want the security policies to be locked down so you only allow the traffic you need/want to.</P><P>&nbsp;</P><P>hope this helps,</P><P>Ben</P> Mon, 24 Oct 2016 12:35:25 GMT https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120795#M45982 bmorris1 2016-10-24T12:35:25Z https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120826#M45991 <P>Actually what I mean some application uses dynamic ports. In this case, I need to make service any? there is any ALG concept on Palo Alto?</P> Mon, 24 Oct 2016 14:55:35 GMT https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120826#M45991 ghostrider 2016-10-24T14:55:35Z https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120828#M45993 <P>Hello,</P><P>&nbsp;</P><P>Sure there is and MySQL is on a list ;</P><P>&nbsp;</P><P><A href="https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/app-id/application-level-gateways" target="_blank">https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/app-id/application-level-gateways</A></P><P>&nbsp;</P><P>Thx</P> Mon, 24 Oct 2016 15:02:46 GMT https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120828#M45993 TranceforLife 2016-10-24T15:02:46Z https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120830#M45995 <P>Thanks. So for example MySQL is using dynamic ports then what I need to allow in the policy? for sure application MySQL (which I am supposing allow on default ports) and what about service? what I would select any or default ports and ALG will take care of dynamic port?</P><P>&nbsp;</P><P>Appreciated your reply</P> Mon, 24 Oct 2016 15:05:47 GMT https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120830#M45995 ghostrider 2016-10-24T15:05:47Z https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120838#M45996 <P>l would try to use app as MySQL with default ports in the services. If your MySQL app configured to&nbsp;use initially a defaul&nbsp;port firewall will allow a dynamically requested ports, similar way to FTP</P> Mon, 24 Oct 2016 15:10:30 GMT https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120838#M45996 TranceforLife 2016-10-24T15:10:30Z https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120937#M46004 <P>Thank you and make sense !</P> Mon, 24 Oct 2016 20:53:51 GMT https://live.paloaltonetworks.com/t5/general-topics/application-specific-and-port-any/m-p/120937#M46004 ghostrider 2016-10-24T20:53:51Z