https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218620#M63187 <P>Set the application like you have it.</P><P>&nbsp;</P><P>Change the service field to "application-default".&nbsp; Or, if you are running rtp/rtcp on non-standard ports, then list those ports here.</P> Wed, 20 Jun 2018 19:49:07 GMT fjwcash 2018-06-20T19:49:07Z https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218346#M63121 <P>i,</P><P>&nbsp;</P><P>We are having a weird behaviour with rtcp-base and rtcp apps.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 21 Jun 2018 09:05:08 GMT https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218346#M63121 soporteseguridad 2018-06-21T09:05:08Z https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218361#M63125 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/9102">@soporteseguridad</a>,</P><P>What does eithe security policy actually look like, could you post how you have those configured as well?&nbsp;</P> Tue, 19 Jun 2018 15:09:57 GMT https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218361#M63125 BPry 2018-06-19T15:09:57Z https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218365#M63127 <P>Hi,</P><P>&nbsp;</P> Thu, 21 Jun 2018 09:04:45 GMT https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218365#M63127 soporteseguridad 2018-06-21T09:04:45Z https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218367#M63128 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/9102">@soporteseguridad</a>,</P><P>I'ts because you have an application specified when specifying the service as 'any'. The first few packets in a flow are unable to be identified as rtcp or rtp-base traffic and will therefore match your Temp rule until the traffic is identified. When the application changes and goes back through the security policy it will match your 'Telefonica Hacia Sede' policy as it now has the proper app-id identified.&nbsp;</P> Tue, 19 Jun 2018 15:45:09 GMT https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218367#M63128 BPry 2018-06-19T15:45:09Z https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218467#M63144 <P>Yes, but we dont see "incomplete" and some sessions are matching with the same values. So if we dont have a below rule with any, this traffic would be denied??? What it would be the best practices to match only in the correct rule?</P> Wed, 20 Jun 2018 07:37:23 GMT https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218467#M63144 soporteseguridad 2018-06-20T07:37:23Z https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218620#M63187 <P>Set the application like you have it.</P><P>&nbsp;</P><P>Change the service field to "application-default".&nbsp; Or, if you are running rtp/rtcp on non-standard ports, then list those ports here.</P> Wed, 20 Jun 2018 19:49:07 GMT https://live.paloaltonetworks.com/t5/general-topics/behaviour-rtcp-sessions/m-p/218620#M63187 fjwcash 2018-06-20T19:49:07Z