https://live.paloaltonetworks.com/t5/general-topics/application-vs-service-in-pa/m-p/222320#M63939 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/90544">@nsrini1991</a></P><P>&nbsp;</P><P>If you set the service to 'any' the firewall continues to inspect traffic at the application layer, but this will allow ssl and web-browsing really on ANY port.</P><P>Almost all applications have a default port assigned, but this will only be enforced if you configure 'application-default' as service. This also means you cannot really filter for ports just with applications in your policy. The service column is also required to achieve the required result. (Except if you really want to allow web-browsing/ssl (or others) on ANY port, then of course ANY as service is the appropriate decision)</P> Sun, 15 Jul 2018 07:29:17 GMT Remo 2018-07-15T07:29:17Z https://live.paloaltonetworks.com/t5/general-topics/application-vs-service-in-pa/m-p/222311#M63936 <P>Hi Experts,</P><P>&nbsp;</P><P>&nbsp;I've query in Application vs Service columns. As we all know the Palo Alto preferred method is to use Application column (SSL, Web-browsing) and refer to 'Application default' in Service.</P><P>&nbsp;</P><P>My query is, if we mark 'ANY' in Service column and filter the ports in Application column (SSL, Web-browsing)&nbsp; will PA firewall stop further processing and allow the traffic by looking&nbsp;@L4&nbsp;or will the inspection be continued for application layer. Please assist.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PA1.JPG" style="width: 272px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/15914i18CF5B9B366AF012/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="PA1.JPG" alt="PA1.JPG" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>Regards,</P><P>Srinivasan</P> Sun, 15 Jul 2018 04:01:21 GMT https://live.paloaltonetworks.com/t5/general-topics/application-vs-service-in-pa/m-p/222311#M63936 nsrini1991 2018-07-15T04:01:21Z https://live.paloaltonetworks.com/t5/general-topics/application-vs-service-in-pa/m-p/222320#M63939 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/90544">@nsrini1991</a></P><P>&nbsp;</P><P>If you set the service to 'any' the firewall continues to inspect traffic at the application layer, but this will allow ssl and web-browsing really on ANY port.</P><P>Almost all applications have a default port assigned, but this will only be enforced if you configure 'application-default' as service. This also means you cannot really filter for ports just with applications in your policy. The service column is also required to achieve the required result. (Except if you really want to allow web-browsing/ssl (or others) on ANY port, then of course ANY as service is the appropriate decision)</P> Sun, 15 Jul 2018 07:29:17 GMT https://live.paloaltonetworks.com/t5/general-topics/application-vs-service-in-pa/m-p/222320#M63939 Remo 2018-07-15T07:29:17Z