topic How can I allow an application on default and a non-standard port? in General Topics

How can I allow an application on default and a non-standard port?

kcampion — Wed, 15 Jul 2020 21:05:35 GMT

I have a Security rule that allows Oracle traffic between two subnets. The problem is that three Oracle servers use standard port 1521, and another Oracle Server uses a non-standard port 13062. I know that I need to allow the non-standard port in the rule, but that breaks traffic on the standard port. For now, I have explicitly added the standard port, so both ports are explicitly allowed.

Is there a way to allow application-default + defined services in a single rule?

Thanks

Re: How can I allow an application on default and a non-standard port?

kcampion — Wed, 15 Jul 2020 21:06:55 GMT

By the way, I have the same problem with ping. As soon as I define the non-standard port, ping breaks, and I haven't found ay way to explicitly include a "service" for ping in the same rule.

Re: How can I allow an application on default and a non-standard port?

BPry — Thu, 16 Jul 2020 02:34:34 GMT

@kcampion,

Your only option for this is either the way you are doing it currently where you manually specify the default ports as a service/member along with your custom ports, or to split the entry into two separate rulebase entires. I know there's an FR to allow exactly what you are asking for, but I can't recall what it was off-hand.

Re: How can I allow an application on default and a non-standard port?

BPry — Thu, 16 Jul 2020 02:36:10 GMT

@kcampion,

As for ping that's ICMP traffic and doesn't really fit the same model and you should never really have non-standard ping traffic.

Re: How can I allow an application on default and a non-standard port?

kcampion — Thu, 16 Jul 2020 16:47:42 GMT

Thanks @BPry , I thought that was the case for mixing standard and non-standard ports.

Thanks for the reply on the ping issue too. I'm not trying to allow ping on non-standard, but I can't find a way to get the standard method for ping to work when mixed my non-standard Oracle. Not a big deal, I'm OK with splitting the ping from the Oracle rule.