- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-24-2014 05:25 AM
Hi,
We configured Palo Alto in vwire mode between our head office and branches. Setup is like Core <--> PA3050 <--> WAN Switch. There is a specific application that is not working and we create custom application by defining the destination port. We create application override and security policy to allow the specific application but its not working.The application is bank ATM, teller machines. Any help is appreciated.
Thanks,
MBS
11-24-2014 05:31 AM
Can you share the application override application that you have configured ? And also send us the output of the session when it goes through firewall :
show session all filter source <source-ip> destination <destination-ip> destination-port <port-number>
Also attach the security policy which allows this traffic? Is this application tcp or udp? Also is it recognized as unknown-tcp/udp or some other application? Thank you.
11-24-2014 09:36 AM
For application override protocol should be either tcp or udp, that might be the reason why it is not working.
11-24-2014 10:17 AM
Hello mbs.admin,
In order to apply an Application override policy on a PAN firewall, you have to create a custom application ( How to Create an Application Override Policy) . But, the application should use UDP/TCP/ICMP protocol to override it. Since SNA is not using TCP/UDP/ICMP, that could be the reason it's not working.
Thanks
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!