https://live.paloaltonetworks.com/t5/general-topics/vcenter-server-appliance-web-user-interface-https-security-rule/m-p/333954#M84290 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/135151">@ccarter</a>,</P><P>Two things:</P><P>1) Have you enabled logging on the interzone-default security rulebase entry to actually get logs, or otherwise have a deny rule that would generate a log when this traffic isn't matching a security entry?&nbsp;</P><P>&nbsp;</P><P>2) You say that you created a custom application. Did you test that the custom application signature is properly catching the traffic and it isn't being matched to ssl?&nbsp;</P><P>&nbsp;</P><P>What I think is happening is that the custom application you created doesn't have a proper signature assigned and the traffic is being identified as ssl over tcp/5480, which wouldn't work if you have the service configured as application-default. Without having interzone-default set to log, or anything else that would capture and log traffic that doesn't match a security entry, you wouldn't have any logs to look at.&nbsp;</P> Wed, 17 Jun 2020 21:26:39 GMT BPry 2020-06-17T21:26:39Z https://live.paloaltonetworks.com/t5/general-topics/vcenter-server-appliance-web-user-interface-https-security-rule/m-p/333750#M84252 <P>Hi All,</P><P>&nbsp;</P><P>Due to a number of system administrators working from home, I have been asked to allow&nbsp;<SPAN>vCenter Server Appliance Web user interface HTTPS port 5480 through the firewall for administration over VPN (Global Protect).</SPAN></P><P>&nbsp;</P><P>Specifically port 5480. vCenter uses standard ports 80 and 443 and successfully navigates to the site.</P><P>&nbsp;</P><P><SPAN>I have been unable to trace the reason why the site cannot be reached and looking for suggestions as the palo is not showing any traffic in the logs (that i can find).</SPAN></P><P>&nbsp;</P><P><SPAN>Steps I have done:</SPAN></P><P><SPAN>1. Created a new custom application object tcp\5480.</SPAN></P><P><SPAN>2. Applied the new custom app to the relevant&nbsp;security rule.&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Wondering if anyone else has seen this behavior&nbsp;before?</SPAN></P><P>&nbsp;</P><P><SPAN>Cheers,</SPAN></P><P><SPAN>Chris</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 17 Jun 2020 00:51:20 GMT https://live.paloaltonetworks.com/t5/general-topics/vcenter-server-appliance-web-user-interface-https-security-rule/m-p/333750#M84252 ccarter 2020-06-17T00:51:20Z https://live.paloaltonetworks.com/t5/general-topics/vcenter-server-appliance-web-user-interface-https-security-rule/m-p/333954#M84290 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/135151">@ccarter</a>,</P><P>Two things:</P><P>1) Have you enabled logging on the interzone-default security rulebase entry to actually get logs, or otherwise have a deny rule that would generate a log when this traffic isn't matching a security entry?&nbsp;</P><P>&nbsp;</P><P>2) You say that you created a custom application. Did you test that the custom application signature is properly catching the traffic and it isn't being matched to ssl?&nbsp;</P><P>&nbsp;</P><P>What I think is happening is that the custom application you created doesn't have a proper signature assigned and the traffic is being identified as ssl over tcp/5480, which wouldn't work if you have the service configured as application-default. Without having interzone-default set to log, or anything else that would capture and log traffic that doesn't match a security entry, you wouldn't have any logs to look at.&nbsp;</P> Wed, 17 Jun 2020 21:26:39 GMT https://live.paloaltonetworks.com/t5/general-topics/vcenter-server-appliance-web-user-interface-https-security-rule/m-p/333954#M84290 BPry 2020-06-17T21:26:39Z