https://live.paloaltonetworks.com/t5/general-topics/implicit-applications-with-cotp-ms-rdp-in-security-policies/m-p/294040#M77643 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/112936">@MathewRD</a>&nbsp;.</P><P>&nbsp;</P><P>when the tcp handshake is initiated for any application the firewall will view all policies for an explicit allow. If none are available then it will check again for any implicit allows.</P><P>&nbsp;</P><P>i found these links helpful.</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLLICA4" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLLICA4</A></P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAK</A></P><P>&nbsp;</P> Thu, 24 Oct 2019 08:12:07 GMT Mick_Ball 2019-10-24T08:12:07Z https://live.paloaltonetworks.com/t5/general-topics/implicit-applications-with-cotp-ms-rdp-in-security-policies/m-p/293937#M77638 <P>Hello everyone,</P><P>&nbsp;</P><P>Been testing some PA firewall functionality and noticed that ms-rdp has the implicit use of "cotp" defined, but the cotp application matches to a rule further down the policy list. When I review the logs, it looks like this</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PAFWRDPCOTP.PNG" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/21885iB7B90DC186DC1474/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="PAFWRDPCOTP.PNG" alt="PAFWRDPCOTP.PNG" /></span></P><P>Am I misunderstanding having cotp as implicitly allowed by the ms-rdp application? Not sure why ms-rdp is allowed as part of the Test-RDP rule but then cotp drops down to a policy further in the list.</P><P>&nbsp;</P><P>I could add the cotp application to the Test-RDP rule, but shouldn't Test-RDP be where cotp is getting caught already?</P><P>&nbsp;</P><P>Thanks!</P> Wed, 23 Oct 2019 19:17:46 GMT https://live.paloaltonetworks.com/t5/general-topics/implicit-applications-with-cotp-ms-rdp-in-security-policies/m-p/293937#M77638 MathewRD 2019-10-23T19:17:46Z https://live.paloaltonetworks.com/t5/general-topics/implicit-applications-with-cotp-ms-rdp-in-security-policies/m-p/294040#M77643 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/112936">@MathewRD</a>&nbsp;.</P><P>&nbsp;</P><P>when the tcp handshake is initiated for any application the firewall will view all policies for an explicit allow. If none are available then it will check again for any implicit allows.</P><P>&nbsp;</P><P>i found these links helpful.</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLLICA4" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLLICA4</A></P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAK</A></P><P>&nbsp;</P> Thu, 24 Oct 2019 08:12:07 GMT https://live.paloaltonetworks.com/t5/general-topics/implicit-applications-with-cotp-ms-rdp-in-security-policies/m-p/294040#M77643 Mick_Ball 2019-10-24T08:12:07Z