03-08-2013 06:15 AM
I've defined a simple rule for acces to a ssl-crypted website using application filtering.
Also all ssl-crypted access to that site will be decrypted.
The running Software ist PanOS 5.02.
When I define a rule for access to that destination and leave the service in "application-default"
The access wil be blocked an I get two entries in my LOG-File:
1. start <src> <dst> <src_port> <dst_port: 443> <application: ssl>
2. deny <src> <dst> <src_port> <dst_port: 443> <application: web-browsing>
When I change the service from "application" to: "service-https" (port 443) the communication works.
Is that a desired behavior of PaloAlto Firewall?
Sincerly Rainer
03-08-2013 06:19 AM
Yes, because when you're decrypting a SSL session to expose the underlying application. To the firewall, it will look like web-browsing over port 443.
03-09-2013 12:35 AM
Which would mean that you can remove the appid:ssl from your second example (only allowing web-browsing or whatever is detected within the ssl-session).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
