Web-Browsing default port application

L4 Transporter

Web-Browsing default port application

Hey , 

 

i just wondered why in the era that all web traffic is moving forward beeing encrypted and browsers like chrome will soon mark websites that uses HTTP protocol as "unsage" paloalto "web-browsing" application still uses in it's default ports only tcp/80 port and not also tcp/443 port?

 

thanks

 

L7 Applicator

Re: Web-Browsing default port application

Hello,

I also get caught out by this at times. However, and I could be wrong, PAN tries to use the RFC standards. Since http is default port 80, that is what they default to.

 

I kind of like the granularity that the default apps bring to the table. It allows me more control over the packets that are traversing my PAN's.

 

Regards,

L7 Applicator

Re: Web-Browsing default port application

Hello,

That said, you can create your own apps or an override that will allow web-browsing over other ports.

 

https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Custom-applications-and-app-o...

 

Regards,

L4 Transporter

Re: Web-Browsing default port application

not sure this is the answer because once you are decrypted you reveal the real application.. and all the other application i have notcied in paloalto has port 443.. and even facebook has 80 & 443

L7 Applicator

Re: Web-Browsing default port application

Hello,

That is correct. However the PAN layer 7 application detection does more than just look at the ports in use. Hence the reason it can detect Facebook and SSL over ports 443.

 

Regards,

L4 Transporter

Re: Web-Browsing default port application

the basic reason for the "default ports" from my knowledge is for the use in the service column.

basicly even though paloalto is a Layer7 fw.. it is still a layer4 fw so when you use the "application-defaults" in the service feild on the rulebase this is what it is based on..

 

this just makes you create a seperate rule for web-browsing on port 443 in the rulebase since you wouldnt want to put only port 80 and 443 on the rule that all your network traffic hit on.. this will make you configure each and every port an application uses on that rule. or create aditional rule for all those application that dont use ports 80 and 443.

 

another beuti of the "application-defaults" is that it works as you ceates a seperate rule for each application with it's default ports. for example

- application A with port 8080

- application B with port 443

if application B will use port 8080 it wont hit this rule.. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!