https://live.paloaltonetworks.com/t5/general-topics/policies-application-question/m-p/130586#M46852 <P>Hi,</P><P>&nbsp;</P><P>Yes, you need to specify an application in the&nbsp;policy and I would advise using default in the service tab. Palo will do deep packet inspection ( APP-ID) hence tunnelling unlikely here.</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Community-Blog/What-is-App-ID/ba-p/51878" target="_blank">https://live.paloaltonetworks.com/t5/Community-Blog/What-is-App-ID/ba-p/51878</A></P> Fri, 02 Dec 2016 11:45:25 GMT TranceforLife 2016-12-02T11:45:25Z https://live.paloaltonetworks.com/t5/general-topics/policies-application-question/m-p/130579#M46851 <P>Just trying to understand PAN and policies better.</P><P>&nbsp;</P><P>If we want to allow all web-browsing, what can we do?</P><P>&nbsp;</P><P>As soon as the application is identified, we will need a policy for this specific application (for example Google base). Otherwise we will hit an interzone default deny (if between zones).</P><P>&nbsp;</P><P>I can allow port 80 and 443 as services, but this will allow tunneling traffic on these ports. But I would like to allow only web browsing.</P><P>&nbsp;</P><P>How can this be done?</P> Fri, 02 Dec 2016 11:29:31 GMT https://live.paloaltonetworks.com/t5/general-topics/policies-application-question/m-p/130579#M46851 mathiasj 2016-12-02T11:29:31Z https://live.paloaltonetworks.com/t5/general-topics/policies-application-question/m-p/130586#M46852 <P>Hi,</P><P>&nbsp;</P><P>Yes, you need to specify an application in the&nbsp;policy and I would advise using default in the service tab. Palo will do deep packet inspection ( APP-ID) hence tunnelling unlikely here.</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Community-Blog/What-is-App-ID/ba-p/51878" target="_blank">https://live.paloaltonetworks.com/t5/Community-Blog/What-is-App-ID/ba-p/51878</A></P> Fri, 02 Dec 2016 11:45:25 GMT https://live.paloaltonetworks.com/t5/general-topics/policies-application-question/m-p/130586#M46852 TranceforLife 2016-12-02T11:45:25Z https://live.paloaltonetworks.com/t5/general-topics/policies-application-question/m-p/130607#M46857 <P>i did a little video on the topic <span class="lia-unicode-emoji" title=":winking_face:">😉</span> : <A title=" Configuring Your Security Policy" href="https://live.paloaltonetworks.com/t5/Featured-Articles/Configuring-Your-Security-Policy/ta-p/78659" target="_blank"> Configuring Your Security Policy</A></P> Fri, 02 Dec 2016 13:08:32 GMT https://live.paloaltonetworks.com/t5/general-topics/policies-application-question/m-p/130607#M46857 reaper 2016-12-02T13:08:32Z