Need to know if we use application instead of service in security policy
When we use service, that will enable the firewall to take immediate action on the first observed packet based on port number.
When we use "application" in a rule, that will allow the firewall to take action after enough packets are allowed for App-ID identification, regardless of the ports being used?
The services will be able to block/allow SYN packets based on the destination port, and applications will be able to identify if the packets flowing over port 80 are really web-browsing and not something else abusing the open port.
Setting the service to 'application-default' instead of a set of ports will enforce even tighter controls, as a mixed rule (i.e. ftp, ssh, dns, ...) will ensure tcp 21 is only used by ftp and not ssh, which is allowed in the same rule.
Can you please confirm if this is right for application:
When we use "application" in Rule that will allow the firewall to take action after enough packets are allowed for App-ID identification regardless of the ports being used
Only if you set Service to any. Then it will allow those specific applications through, regardless of which port the traffic is going through.
If you set Service to application-default, then it will only allow traffic through that matches the list of ports listed in the App-ID information for the application.
If you set a specific port/set of ports in the Service, then it will only allow traffic through that matches the application on the listed ports.
Also remember that the PAN lets the first few packets through so it can analyze them. It will then apply the policies that match. I try and write my policies as strict as possible and use Application everywhere I can so I don't run into an application that likes to port hop or spoof itself, as Reaper mentioned.
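The three Service settings described in the answers above, modelled as a small policy evaluator. This is an added illustration, not PAN-OS code or the thread's own; the App-ID default-port table is a constructed sample, and "pending" stands for the initial packets the firewall lets through before App-ID has identified the application.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple, Union

Port = Tuple[str, int]  # (protocol, destination port)

# Constructed sample of App-ID standard ports, for illustration only;
# the real App-ID database is larger and maintained by the vendor.
APP_DEFAULT_PORTS = {
    "web-browsing": {("tcp", 80)},
    "ssh": {("tcp", 22)},
    "ftp": {("tcp", 21)},
    "dns": {("udp", 53), ("tcp", 53)},
}

@dataclass
class Rule:
    applications: Set[str]           # App-IDs allowed by the rule
    service: Union[str, Set[Port]]   # "any", "application-default" or explicit ports

@dataclass
class Flow:
    proto: str
    dport: int
    app: Optional[str] = None  # None until App-ID has seen enough packets

def evaluate(rule: Rule, flow: Flow) -> str:
    """Return 'allow', 'deny' or 'pending' (first packets let through for App-ID)."""
    port = (flow.proto, flow.dport)
    if rule.service == "any":
        # Only the identified application decides; the port is irrelevant.
        if flow.app is None:
            return "pending"
        return "allow" if flow.app in rule.applications else "deny"
    if rule.service == "application-default":
        # Before identification, only a default port of some app in the rule may proceed.
        if flow.app is None:
            candidates = set().union(*(APP_DEFAULT_PORTS.get(a, set()) for a in rule.applications))
            return "pending" if port in candidates else "deny"
        # Once identified, the app must be in the rule AND on one of its own default ports,
        # so ssh riding on tcp/21 is denied even though ssh itself is in the rule.
        ok = flow.app in rule.applications and port in APP_DEFAULT_PORTS.get(flow.app, set())
        return "allow" if ok else "deny"
    # Explicit port list: the port is enforced on the very first packet,
    # the application only after it has been identified.
    if port not in rule.service:
        return "deny"
    if flow.app is None:
        return "pending"
    return "allow" if flow.app in rule.applications else "deny"
```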