https://live.paloaltonetworks.com/t5/general-topics/open-port/m-p/255307#M72453 <P>It sounds like you have an inbound service on port 6965 you want to block?&nbsp; You can do this on a PAN but... if you want to do it the PAN way, you need to figure out what application is actually talking.&nbsp; This way you can deny based on user/application and not port/protocol.&nbsp; Of course not all apps will be recognized.&nbsp; In this case you could make a special rule and use the "service" field in a policy rule to filter out port 6965.</P> Thu, 28 Mar 2019 19:53:03 GMT jeremy.larsen 2019-03-28T19:53:03Z https://live.paloaltonetworks.com/t5/general-topics/open-port/m-p/255285#M72447 <P>I need to create security rule and/or not to allow port 6965 to a device. Do I need both a NAT and security rule? Need to find out from vendor if port is TCP, UDP or both. I have PA-3020 running PAN-OS 8.0.13.</P> Thu, 28 Mar 2019 17:14:11 GMT https://live.paloaltonetworks.com/t5/general-topics/open-port/m-p/255285#M72447 seanmccoy 2019-03-28T17:14:11Z https://live.paloaltonetworks.com/t5/general-topics/open-port/m-p/255292#M72448 <P>NAT is only necessary depending on your use case.&nbsp; NAT itself isn't needed to allow access to a host over a specific port.&nbsp; It's likely just the security rule you need.</P> Thu, 28 Mar 2019 17:44:10 GMT https://live.paloaltonetworks.com/t5/general-topics/open-port/m-p/255292#M72448 Brandon_Wertz 2019-03-28T17:44:10Z https://live.paloaltonetworks.com/t5/general-topics/open-port/m-p/255307#M72453 <P>It sounds like you have an inbound service on port 6965 you want to block?&nbsp; You can do this on a PAN but... if you want to do it the PAN way, you need to figure out what application is actually talking.&nbsp; This way you can deny based on user/application and not port/protocol.&nbsp; Of course not all apps will be recognized.&nbsp; In this case you could make a special rule and use the "service" field in a policy rule to filter out port 6965.</P> Thu, 28 Mar 2019 19:53:03 GMT https://live.paloaltonetworks.com/t5/general-topics/open-port/m-p/255307#M72453 jeremy.larsen 2019-03-28T19:53:03Z https://live.paloaltonetworks.com/t5/general-topics/open-port/m-p/255313#M72457 <P>i actually need to open port 6965 to ATM machine at a yet to be determined IP address. I need to find out from the vendor what app is actually talking (if there is one).</P> Thu, 28 Mar 2019 20:09:40 GMT https://live.paloaltonetworks.com/t5/general-topics/open-port/m-p/255313#M72457 seanmccoy 2019-03-28T20:09:40Z