11-01-2017 12:31 PM
Is there any experience with 'symantec-endpoint-manager' over tcp/8014 being mis-identified as web-browsing?
We have a 5260 firewall in a datacenter environment, with hosts that need to access a Symantec-Endpoint-Server for AV updates. Clients access the server on port tcp/8014. That port is associated with app-id 'symantec-endpoint-manager' per the app-id with SSL and web-browsing dependencies. A policy rule was created for the client to server communication with the three app-ids using the 'application default' ports.
When the clients attempt to access the server, they are blocked by the inter-zone rule, with tcp/8014 identified as 'web browsing'. At this point an application override has been created allowing tcp/8014; ideally we'd like to use the built-in rule to permit the traffic through.
Any input that can be provided by the community would be appreciated.
11-02-2017 01:29 AM
Hi chrislss,
Which version of PAN-OS are you using on the PA 5260 firewall?
11-02-2017 11:57 AM
The latest release, 8.0.5, is being used. App/Threat update release is 745-4296 (10/24/17).
11-02-2017 12:29 PM
If there is an application default configured as a service on the Security Policy that allows symantec-endpoint-manager traffic, the Palo Alto firewall will deny web browsing traffic on destination port 8014.
There are two possible resolutions:
1- Allow any service in the Security Policy.
2- Allow web browsing traffic on destination port 8014.
For more details, kindly see the URL below:
11-02-2017 12:49 PM
Thank you! I have to say I don't like the solution, but that definitely explains the issue. Appreciate the reference.
Chris
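The behaviour described in the accepted answer can be reproduced with a small model. This is an added example, not part of the thread and not PAN-OS code: the rule dictionaries, function names and sample sessions are constructed, and the default ports for `ssl` (443) and `web-browsing` (80) are assumptions; only tcp/8014 comes from the thread. It compares the original rule with both proposed resolutions, including what else each one lets through.

```python
# Simplified model (assumption) of how a rule's service setting interacts
# with the application the firewall assigns to a session.
APP_DEFAULT_PORTS = {
    "symantec-endpoint-manager": {8014},  # from the thread
    "ssl": {443},                         # assumed default port
    "web-browsing": {80},                 # assumed default port
}

def rule_matches(rule, app, dport):
    """True if a session identified as `app` on tcp/`dport` matches `rule`."""
    if app not in rule["applications"]:
        return False
    service = rule["service"]
    if service == "any":
        return True
    if service == "application-default":
        # Each application is allowed only on its own default ports, not on
        # the default ports of the other applications listed in the rule.
        return dport in APP_DEFAULT_PORTS[app]
    return dport in service  # explicit set of TCP ports

def evaluate(rules, app, dport):
    """First matching rule wins; no match falls to the inter-zone deny."""
    for rule in rules:
        if rule_matches(rule, app, dport):
            return rule["action"]
    return "deny"

APPS = {"symantec-endpoint-manager", "ssl", "web-browsing"}
ORIGINAL = [{"applications": APPS, "service": "application-default", "action": "allow"}]
# Resolution 1: same applications, service "any".
OPTION_1 = [{"applications": APPS, "service": "any", "action": "allow"}]
# Resolution 2: keep the original rule, add web-browsing on tcp/8014 only.
OPTION_2 = ORIGINAL + [{"applications": {"web-browsing"}, "service": {8014}, "action": "allow"}]

# Constructed sessions: (application as identified, destination port).
SESSIONS = [("web-browsing", 8014), ("symantec-endpoint-manager", 8014), ("web-browsing", 8080)]

def compare(sessions):
    """Verdict per session for the original rule and each resolution."""
    policies = (("original", ORIGINAL), ("option_1", OPTION_1), ("option_2", OPTION_2))
    return {name: [evaluate(rules, app, port) for app, port in sessions]
            for name, rules in policies}

if __name__ == "__main__":
    for name, verdicts in compare(SESSIONS).items():
        print(name, verdicts)
```

In this model both resolutions admit the tcp/8014 session identified as web-browsing, but only resolution 1 also admits web-browsing on an unrelated port such as 8080.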