This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

App-id tcp/993 having issues

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

App-id tcp/993 having issues

Go to solution
drewdown
L4 Transporter

‎08-21-2017 03:46 PM

New install of dual PAN 3020s on 8.0.2  that went really well for the most part and the only issue I am having now is imap(s) and Linux clients w/office 365 not working right. 

 

  1. I have a 'known ok' rule with outlook-web-online (among other allowed apps -- ssl included) using app-default but I get tcp-resets from the far end and users are not able to get mail via imaps on Linux clients ( I can on windows using latest TB).
  2. I added a specific rule for tcp/993 with 'any' for app-default and it still doesn't work.
  3. The only way I can get it to work is a blanket ANY/ANY with specific source IPs, no specific app-ids and using application default.  If I specify outlook-web-online and SSL I don't see the traffic even hit the PAN and clients complain about not being able to get email.  Without those app-ids I see the traffic and everyone is happy as a clam. 

Not doing SSL decryption. Has anyone seen this behavior before?  It seems to be local to some Linux users and the only thing I can think of is maybe outdated version of SSL/TSL on their local systems?  PAN not doing much to help me at all with this either as the logs are either there when its working or pretty much nothing when its not.  

0 Likes Likes
17 REPLIES 17

Go to solution
BPry
Cyber Elite
Cyber Elite
In response to drewdown

‎08-23-2017 07:14 AM

@drewdown

FYI,

If you are not going to be decrypting traffic and plan on simply using an application filter with an application-default rule, you'll be breaking a lot more than simply imap due to the same issue you are running into here.

Go to solution
drewdown
L4 Transporter
In response to BPry

‎08-23-2017 08:05 AM

@BPry wrote:

@drewdown

FYI,

If you are not going to be decrypting traffic and plan on simply using an application filter with an application-default rule, you'll be breaking a lot more than simply imap due to the same issue you are running into here.

The plan was to decrypt but logistics in installing the cert and so forth stopped me from doing it day 1.  I plan on doing it just need to figure out the best way.  So far the only thing that has broken is this so  with fingers crossed will wait and see what if anything else breaks. 

 

 

0 Likes Likes

Go to solution
BPry
Cyber Elite
Cyber Elite
In response to drewdown

‎08-23-2017 12:50 PM

@drewdown,

One thing when you do decrypt that you will need to setup is a rule allowing ssl on 80. It's a quirk with decrypting and Palo can't modify the default ports for the app-id without destroying it for anybody not decrypting. 

0 Likes Likes
  • 8830 Views
  • 17 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks