Management Articles

How to View Application-Default Ports for an Application

by sdurga on ‎06-26-2014 07:45 PM - edited on ‎11-29-2016 04:15 AM by (13,784 Views)

Overview

Application-default ports are the default destination ports used by various application and are commonly used in configuring security-policies.

 

Details

The following command is used to determine the application-default ports for any application:

# show predefined application <application>

 

In the example below, the default destination ports used by gmail-base is displayed in the default section:

> configure
Entering configuration mode
[edit]
# show predefined application gmail-base
gmail-base {
  ottawa-name gmail;
  category collaboration;
  subcategory email;
  technology browser-based;
  description "Gmail is a free, advertising-supported email service provided by Google. Users may access Gmail as secure webmail, as well as via POP3 or IMAP4 protocols.";
  alg no;
  appident yes;
  virus-ident yes;
  spyware-ident yes;
  file-type-ident yes;
  vulnerability-ident yes;
  evasive-behavior no;
  consume-big-bandwidth no;
  used-by-malware yes;
  able-to-transfer-file yes;
  has-known-vulnerability yes;
  tunnel-other-application yes;
  prone-to-misuse no;
  pervasive-use yes;
  per-direction-regex no;
  timeout 1800;
  deny-action drop-reset;
  data-ident yes;
  run-decoder no;
  cachable no;
  file-forward yes;
  references {
    Wikipedia {
      link http://en.wikipedia.org/wiki/Gmail;
    }
  }
  default {
    port tcp/80,443,993,995,465,587;
  }
  use-applications [ imap pop3 smtp ssl web-browsing];
  tunnel-applications [ gmail-chat gmail-drive gmail-enterprise google-buzz google-talk-base];
  implicit-use-applications web-browsing;
  applicable-decoders http;
  risk 4;
  application-container gmail;
}


The same information can be found on the Web UI. Navigate to Objects > Applications.

The screenshot below shows the ports for gmail-base, as the Standard Ports values:

Screen Shot 2014-06-26 at 7.48.23 PM.png

 

owner: sdurga

Comments
by khaled.bahr
on ‎12-09-2015 11:45 PM

From the command line interface it didnt work (show predefined application <Application>), as my OS version is 6.0.10, while from the GUI it was useful.

 

thnx

by brucegarlock
on ‎11-28-2016 04:15 PM

What is the CLI command for PAN-OS 7.1.x?

by
on ‎11-29-2016 04:08 AM

Hi @brucegarlock and @khaled.bahr

 

it's the same command in every PAN-OS, but you need to go into configuration mode # first :)

 

 

admin@myNGFW> configure
Entering configuration mode
[edit]                                                                                                                                                                                                                                
admin@myNGFW# show predefined application gmail-base
gmail-base {
  ottawa-name gmail;
  category collaboration;
  subcategory email;
  technology browser-based;
...
Ask Questions Get Answers Join the Live Community
Contributors