What does Application-default under Service mean?
A security policy rule is built from many components, and one of the more confusing ones I have been asked about is "application-default" under Service.
The Service/URL Category tab is where you define the port(s) and protocol(s) on which a rule allows an application to be used.
For example, the web-browsing (HTTP) application uses TCP port 80 by default.
Inside any rule, under the Service/URL Category tab, there is a drop-down menu on the left-hand side of the screen.
That menu has three options, and the one this post explains is application-default.
What does it mean?
Note: with application-default the firewall still identifies applications on every port (App-ID does not rely on the port number to classify traffic), but the rule only matches when the identified application arrives on that application's default port(s) and protocol(s). Traffic identified as the application on any other port does not match the rule and falls through to the rules below it.
Let's show this with DNS as an example, using the two rules below:
The first rule allows the DNS application, but only on UDP port 53 (a service object for udp/53).
The second rule allows the DNS application with the service set to application-default.
If DNS were carried over TCP port 53, the first rule would not allow it.
The second rule would allow it. Why, and how does the firewall know which ports count as the default?
To see where that comes from, go to Objects > Applications, type dns in the search box and click 'dns'. The application detail screen opens:
Notice the standard (default) ports listed for the application; for DNS these are TCP 53, UDP 53 and UDP 5353.
Since the first rule only allows UDP port 53, DNS on TCP port 53 or UDP port 5353 would not match it, whereas the application-default rule covers all three without you having to maintain a service object for every TCP or UDP port. It works in the other direction too: a rule with application-default will not allow an application that someone runs over a non-standard port (for example DNS over UDP 5000), so it also blocks attempts to push an application through ports it does not normally use. This is a simple example, but it shows why application-default is usually both easier and safer than specifying every port by hand.
The same applies to rules that use "any" as the application: whichever application App-ID identifies, the rule only allows it on that application's standard ports. A rule with application "any" and service "any", by contrast, allows any identified application on any port, which is exactly the combination that lets an application such as SSH be hidden behind a port it does not belong on.
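To make the matching behaviour concrete, here is a small Python model of how a rulebase evaluates an identified session under the three service settings. This is an added example written for this post, not Palo Alto Networks code or any PAN-OS API. It assumes first-match rule evaluation with an implicit deny at the end, treats App-ID as having already identified the application independently of the port, and uses a constructed application table: the dns entry mirrors the standard ports shown above, while the web-browsing and ssh entries are illustrative assumptions. Zones, addresses and the way App-ID can change its verdict mid-session are deliberately left out.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed application table standing in for Objects > Applications.
# The dns entry mirrors the standard ports shown in the post; the other
# two entries are illustrative assumptions, not copied from PAN-OS.
APP_DEFAULT_PORTS = {
    "dns": frozenset({("udp", 53), ("tcp", 53), ("udp", 5353)}),
    "web-browsing": frozenset({("tcp", 80)}),
    "ssh": frozenset({("tcp", 22)}),
}

ANY = "any"
APPLICATION_DEFAULT = "application-default"


@dataclass(frozen=True)
class Flow:
    """A session after App-ID has identified it; the port played no part in that."""
    app: str
    proto: str
    port: int


@dataclass(frozen=True)
class Rule:
    name: str
    application: str          # an application name, or "any"
    service: str | frozenset  # "any", "application-default", or explicit (proto, port) pairs
    action: str = "allow"


def service_matches(rule: Rule, flow: Flow) -> bool:
    if rule.service == ANY:
        return True           # any port, including ones the application never uses
    if rule.service == APPLICATION_DEFAULT:
        # Only the identified application's own standard ports count.
        return (flow.proto, flow.port) in APP_DEFAULT_PORTS.get(flow.app, frozenset())
    return (flow.proto, flow.port) in rule.service   # explicit service object


def rule_matches(rule: Rule, flow: Flow) -> bool:
    app_ok = rule.application in (ANY, flow.app)
    return app_ok and service_matches(rule, flow)


def evaluate(rules: list[Rule], flow: Flow) -> tuple[str, str]:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.action, rule.name
    return "deny", "implicit"


# The two rules from the post, plus two variants for comparison.
DNS_UDP53 = Rule("dns-udp53", "dns", frozenset({("udp", 53)}))
DNS_APPDEFAULT = Rule("dns-appdefault", "dns", APPLICATION_DEFAULT)
DNS_ANY_SERVICE = Rule("dns-any-service", "dns", ANY)
ANYAPP_APPDEFAULT = Rule("anyapp-appdefault", ANY, APPLICATION_DEFAULT)

# Constructed sample sessions.
SAMPLE_FLOWS = [
    Flow("dns", "udp", 53),
    Flow("dns", "tcp", 53),
    Flow("dns", "udp", 5353),
    Flow("dns", "udp", 5000),   # dns pushed over a non-standard port
    Flow("ssh", "tcp", 443),    # ssh hidden behind the https port
]

if __name__ == "__main__":
    for rule in (DNS_UDP53, DNS_APPDEFAULT, DNS_ANY_SERVICE, ANYAPP_APPDEFAULT):
        for flow in SAMPLE_FLOWS:
            action, by = evaluate([rule], flow)
            print(f"{rule.name:18} {flow.app:4} {flow.proto}/{flow.port:<5} -> {action} ({by})")
```

Running it shows the post's point in one table: the udp/53 rule only passes the first flow, the application-default rule passes the three standard-port flows and drops dns on udp/5000, the "any" service rule passes dns on udp/5000 as well, and the application "any" plus application-default rule refuses ssh on tcp/443 while still allowing ssh on tcp/22. With both DNS rules in the rulebase in the order the post shows, tcp/53 falls past the first rule and is allowed by the second.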
Please see this article for more information on viewing application default ports through the CLI:
I welcome all feedback in the comments section below.
Thanks for reading,