Application vs Service in PA

L1 Bithead

Application vs Service in PA

Hi Experts,

 

 I've query in Application vs Service columns. As we all know the Palo Alto preferred method is to use Application column (SSL, Web-browsing) and refer to 'Application default' in Service.

 

My query is, if we mark 'ANY' in Service column and filter the ports in Application column (SSL, Web-browsing)  will PA firewall stop further processing and allow the traffic by looking @L4 or will the inspection be continued for application layer. Please assist.

 

PA1.JPG

 

 

Regards,

Srinivasan

L7 Applicator

Re: Application vs Service in PA

Hi @nsrini1991

 

If you set the service to 'any' the firewall continues to inspect traffic at the application layer, but this will allow ssl and web-browsing really on ANY port.

Almost all applications have a default port assigned, but this will only be enforced if you configure 'application-default' as service. This also means you cannot really filter for ports just with applications in your policy. The service column is also required to achieve the required result. (Except if you really want to allow web-browsing/ssl (or others) on ANY port, then of course ANY as service is the appropriate decision)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!