https://live.paloaltonetworks.com/t5/general-topics/policy-not-catching-correct-traffic/m-p/239245#M68508 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/95713">@ChickenTenderer</a></P><P>&nbsp;</P><P>IP Protocol number of etherip (97) is not as same as TCP. I think that is the reason why it is not hitting the above rule when you defined TCP ports there. Traffic which is having destination port 20033 and with IP protocol number 6 or 17 will only hit this rule. Can you change it to applicationd deafult and see if it is working?</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Pic.PNG" style="width: 384px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17495i3F6493AA11BA1D33/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Pic.PNG" alt="Pic.PNG" /></span></P> Fri, 09 Nov 2018 05:52:45 GMT Rajesh12 2018-11-09T05:52:45Z https://live.paloaltonetworks.com/t5/general-topics/policy-not-catching-correct-traffic/m-p/239175#M68500 <P>Hi all, first time poster so go easy!</P><P>&nbsp;</P><P>We're running into an issue where a rule that is meant to catch ether-ip traffic on port 20033 is slipping through and being caught by a lower rule which allows any application and service. Rules as follows:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="rules.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17471i3A2535F0D300A80F/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="rules.png" alt="rules.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="rulebig.png" style="width: 260px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17473i0717867F109F0CA1/image-dimensions/260x103/is-moderation-mode/true?v=v2" width="260" height="103" role="button" title="rulebig.png" alt="rulebig.png" /></span></P><P>&nbsp;</P><P>When running the "show session all filter rule X" command in cli, we can see that sessions are only established for the lower one, and not the higher one.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cli.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17472i8BF9571481A98173/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="cli.png" alt="cli.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>I suppose I'm wondering if the rules have been configured incorrectly caused by me missing something, or if it's configured fine and this appears to be a bug.</P><P>&nbsp;</P><P>Many thanks!</P> Fri, 09 Nov 2018 02:38:29 GMT https://live.paloaltonetworks.com/t5/general-topics/policy-not-catching-correct-traffic/m-p/239175#M68500 ChickenTenderer 2018-11-09T02:38:29Z https://live.paloaltonetworks.com/t5/general-topics/policy-not-catching-correct-traffic/m-p/239245#M68508 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/95713">@ChickenTenderer</a></P><P>&nbsp;</P><P>IP Protocol number of etherip (97) is not as same as TCP. I think that is the reason why it is not hitting the above rule when you defined TCP ports there. Traffic which is having destination port 20033 and with IP protocol number 6 or 17 will only hit this rule. Can you change it to applicationd deafult and see if it is working?</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Pic.PNG" style="width: 384px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17495i3F6493AA11BA1D33/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Pic.PNG" alt="Pic.PNG" /></span></P> Fri, 09 Nov 2018 05:52:45 GMT https://live.paloaltonetworks.com/t5/general-topics/policy-not-catching-correct-traffic/m-p/239245#M68508 Rajesh12 2018-11-09T05:52:45Z https://live.paloaltonetworks.com/t5/general-topics/policy-not-catching-correct-traffic/m-p/239434#M68564 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/100390">@Rajesh12</a></P><P>&nbsp;</P><P>Thanks for your reply - your recommendation worked like a charm!</P><P>Looks like I'll have to be aware of that in the future.</P> Sun, 11 Nov 2018 20:53:42 GMT https://live.paloaltonetworks.com/t5/general-topics/policy-not-catching-correct-traffic/m-p/239434#M68564 ChickenTenderer 2018-11-11T20:53:42Z