topic Basic Question on Apps vs Service Relationships in General Topics https://live.paloaltonetworks.com/t5/general-topics/basic-question-on-apps-vs-service-relationships/m-p/10747#M7924 <HTML><HEAD></HEAD><BODY><P>I have attached a PDF that shows screenshots of the same rule, in four different variations.</P><P></P><P>I am trying to understand the relationships between using applications and traditional ports.</P><P></P><P>I have a server that has a static public IP NATed to the private internal IP.</P><P>I need telnet, FTP and web browsing allowed on it.</P><P></P><P>I originally setup the rule to be like # 3.&nbsp; Using the default PA provided service group of service-http that does 80 and 8080 and applications FTP and Telnet.&nbsp; None of the three services worked under this configuration.</P><P></P><P>I modified the rule to look like # 1 and all three services worked.</P><P></P><P>So I played with it more to see about how the relationships work between applications and services and came up with two additional variations.&nbsp; # 2 and # 4.</P><P></P><P># 2 works like # 1, all three applications work.</P><P></P><P># 4, FTP and Telnet do not work, but the website does.</P><P></P><P>So my question to you all is what is this relationship doing?&nbsp; Why does # 3 not allow any of the three services to work, yet # 4 allows the website to work but not ftp and telnet?&nbsp; Can I mix and match applications and services in the same rule or do I need to break them apart? </P><P></P><P>This simple example is not a big deal but I have some servers that use known applications like FTP and MSSQL that I would like to switch over to use pure applications for them in the rule but they also have some proprietary ports that are unique to them that I will need to keep listed as services.&nbsp; So before I start mucking with them I'd like to have a better understanding of how this is supposed to be working.</P><P></P><P>Thanks for any advice and guidance.</P></BODY></HTML> Mon, 28 Nov 2011 21:00:19 GMT nathan_gilmore 2011-11-28T21:00:19Z Basic Question on Apps vs Service Relationships https://live.paloaltonetworks.com/t5/general-topics/basic-question-on-apps-vs-service-relationships/m-p/10747#M7924 <HTML><HEAD></HEAD><BODY><P>I have attached a PDF that shows screenshots of the same rule, in four different variations.</P><P></P><P>I am trying to understand the relationships between using applications and traditional ports.</P><P></P><P>I have a server that has a static public IP NATed to the private internal IP.</P><P>I need telnet, FTP and web browsing allowed on it.</P><P></P><P>I originally setup the rule to be like # 3.&nbsp; Using the default PA provided service group of service-http that does 80 and 8080 and applications FTP and Telnet.&nbsp; None of the three services worked under this configuration.</P><P></P><P>I modified the rule to look like # 1 and all three services worked.</P><P></P><P>So I played with it more to see about how the relationships work between applications and services and came up with two additional variations.&nbsp; # 2 and # 4.</P><P></P><P># 2 works like # 1, all three applications work.</P><P></P><P># 4, FTP and Telnet do not work, but the website does.</P><P></P><P>So my question to you all is what is this relationship doing?&nbsp; Why does # 3 not allow any of the three services to work, yet # 4 allows the website to work but not ftp and telnet?&nbsp; Can I mix and match applications and services in the same rule or do I need to break them apart? </P><P></P><P>This simple example is not a big deal but I have some servers that use known applications like FTP and MSSQL that I would like to switch over to use pure applications for them in the rule but they also have some proprietary ports that are unique to them that I will need to keep listed as services.&nbsp; So before I start mucking with them I'd like to have a better understanding of how this is supposed to be working.</P><P></P><P>Thanks for any advice and guidance.</P></BODY></HTML> Mon, 28 Nov 2011 21:00:19 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-question-on-apps-vs-service-relationships/m-p/10747#M7924 nathan_gilmore 2011-11-28T21:00:19Z Re: Basic Question on Apps vs Service Relationships https://live.paloaltonetworks.com/t5/general-topics/basic-question-on-apps-vs-service-relationships/m-p/10748#M7925 <HTML><HEAD></HEAD><BODY><P>Well, I should have searched more before posting as I believe my questions were already answered in the following two posts.</P><P></P><P><A href="https://live.paloaltonetworks.com/message/5821#5821">https://live.paloaltonetworks.com/message/5821#5821</A></P><P></P><P><A href="https://live.paloaltonetworks.com/message/3134#3134">https://live.paloaltonetworks.com/message/3134#3134</A></P><P></P><P>If others have additional thoughts they want to add please post still.</P></BODY></HTML> Mon, 28 Nov 2011 21:48:18 GMT https://live.paloaltonetworks.com/t5/general-topics/basic-question-on-apps-vs-service-relationships/m-p/10748#M7925 nathan_gilmore 2011-11-28T21:48:18Z