We configured Palo Alto in vwire mode between our head office and branches. Setup is like Core <--> PA3050 <--> WAN Switch. There is a specific application that is not working and we create custom application by defining the destination port. We create application override and security policy to allow the specific application but its not working.The application is bank ATM, teller machines. Any help is appreciated.
Can you share the application override application that you have configured ? And also send us the output of the session when it goes through firewall :
show session all filter source <source-ip> destination <destination-ip> destination-port <port-number>
Also attach the security policy which allows this traffic? Is this application tcp or udp? Also is it recognized as unknown-tcp/udp or some other application? Thank you.
In order to apply an Application override policy on a PAN firewall, you have to create a custom application ( How to Create an Application Override Policy) . But, the application should use UDP/TCP/ICMP protocol to override it. Since SNA is not using TCP/UDP/ICMP, that could be the reason it's not working.
Yes, agree application override will not work with this kind of protocol. Any suggestions how we can bypass sna protocol? We deploy PA in vwire mode.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!