From: Terry Bates @terryb8s
"#AskPANW How do you handle SSL traffic decrypted by the FW where the underlying application uses a non-standard port, e.g. not app default?"
If the application is running on a non-default port, for example, LDAPS on TCP/636, using a specific Service Object (in this case, TCP/636) instead of "Application Default" in combination with the "ldap" App-ID will permit the firewall to decrypt the stream, and inspect traffic contained within the tunnel to deliver App-ID & Content-ID capabilities.
For more information, see https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/create-a-decryption-polic... , and https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/define-the-initial-internet-g... for an example on using Application Default and specific Service Objects within a Security Policy rulebase.
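The service-object point in the answer above can be checked against a configuration export. The following is an added example, not part of the original reply or Palo Alto Networks code: the XML is a constructed sample in the shape of a PAN-OS config export, and the rule names, the service name and the `audit` helper are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a PAN-OS XML export; all names are hypothetical.
CONFIG = """
<vsys>
  <service>
    <entry name="svc-tcp-636"><protocol><tcp><port>636</port></tcp></protocol></entry>
  </service>
  <rulebase><security><rules>
    <entry name="ldap-app-default">
      <application><member>ldap</member></application>
      <service><member>application-default</member></service>
    </entry>
    <entry name="ldap-explicit-port">
      <application><member>ldap</member></application>
      <service><member>svc-tcp-636</member></service>
    </entry>
  </rules></security></rulebase>
</vsys>
"""

def port_in_spec(port, spec):
    """True if port falls inside a port spec such as '636' or '8000-8100,8443'."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit(config_xml, app, proto, port):
    """Map each security rule naming `app` to how its Service field treats proto/port."""
    root = ET.fromstring(config_xml.strip())
    services = {e.get("name"): e.findtext(f"protocol/{proto}/port")
                for e in root.findall("service/entry")}
    result = {}
    for rule in root.findall("rulebase/security/rules/entry"):
        if app not in [m.text for m in rule.findall("application/member")]:
            continue
        members = [m.text for m in rule.findall("service/member")]
        if "application-default" in members:
            verdict = "application-default"  # matches only the App-ID's default ports
        else:
            hit = "any" in members or any(
                services.get(s) and port_in_spec(port, services[s]) for s in members)
            verdict = "covered" if hit else "not covered"
        result[rule.get("name")] = verdict
    return result

if __name__ == "__main__":
    print(audit(CONFIG, "ldap", "tcp", 636))
```

Rules reported as `application-default` or `not covered` are the ones to review when the application is known to listen on a port outside its App-ID defaults.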