topic Application issues Via VPN with Peer in General Topics https://live.paloaltonetworks.com/t5/general-topics/application-issues-via-vpn-with-peer/m-p/184864#M56639 <P>Hi Guys,</P><P>&nbsp;</P><P>I need some help dealing with CyberAck over VPN. The problem is that I created and established a VPN with a remote peer for CyberAck traffic. Service is Any but application is default. Traffic is allowed via the firewall but I get an error (tcp-rst-from-server) on both sides or server and client. Cyberack uses TCP ports 4118, 4119, 4120 which I custom&nbsp;created. This did not work so I set the service to any and application to default and still get the same error - tcp-rst-from-server.</P><P>&nbsp;</P><P>But when I set the application to Any and service to Any, everything works fine. And this defeats my reason for a firewall in the first place.&nbsp;Monitoring the rule in action,&nbsp;I noticed that service is coming and going as 4120, 4118 etc and application is set to SSL. This is obviously not a default SSL so hence failing.&nbsp;I think what happens is this - <A href="https://10.10.10.25:4118" target="_blank">https://10.10.10.25:4118</A>.</P><P>&nbsp;</P><P>Does anyone know how I can overcome this problem?</P><P>&nbsp;</P><P>Any help will be much appreciated.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 01 Nov 2017 10:15:54 GMT Light-Regions 2017-11-01T10:15:54Z Application issues Via VPN with Peer https://live.paloaltonetworks.com/t5/general-topics/application-issues-via-vpn-with-peer/m-p/184864#M56639 <P>Hi Guys,</P><P>&nbsp;</P><P>I need some help dealing with CyberAck over VPN. The problem is that I created and established a VPN with a remote peer for CyberAck traffic. Service is Any but application is default. Traffic is allowed via the firewall but I get an error (tcp-rst-from-server) on both sides or server and client. Cyberack uses TCP ports 4118, 4119, 4120 which I custom&nbsp;created. This did not work so I set the service to any and application to default and still get the same error - tcp-rst-from-server.</P><P>&nbsp;</P><P>But when I set the application to Any and service to Any, everything works fine. And this defeats my reason for a firewall in the first place.&nbsp;Monitoring the rule in action,&nbsp;I noticed that service is coming and going as 4120, 4118 etc and application is set to SSL. This is obviously not a default SSL so hence failing.&nbsp;I think what happens is this - <A href="https://10.10.10.25:4118" target="_blank">https://10.10.10.25:4118</A>.</P><P>&nbsp;</P><P>Does anyone know how I can overcome this problem?</P><P>&nbsp;</P><P>Any help will be much appreciated.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 01 Nov 2017 10:15:54 GMT https://live.paloaltonetworks.com/t5/general-topics/application-issues-via-vpn-with-peer/m-p/184864#M56639 Light-Regions 2017-11-01T10:15:54Z Re: Application issues Via VPN with Peer https://live.paloaltonetworks.com/t5/general-topics/application-issues-via-vpn-with-peer/m-p/184948#M56656 <P>You'll need to create an application override policy to force that traffic to the application(s) you created. Here are the steps:</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Learning-Articles/Tips-amp-Tricks-How-to-Create-an-Application-Override/ta-p/65513" target="_blank">https://live.paloaltonetworks.com/t5/Learning-Articles/Tips-amp-Tricks-How-to-Create-an-Application-Override/ta-p/65513</A></P> Wed, 01 Nov 2017 16:32:43 GMT https://live.paloaltonetworks.com/t5/general-topics/application-issues-via-vpn-with-peer/m-p/184948#M56656 gwesson 2017-11-01T16:32:43Z