Applications not being identified correctly

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Applications not being identified correctly

L4 Transporter

I am running into a  number of situations where the applications are not being identified correctly and thus not working.  I can see that the applications is using the correct port, but the PA shows it is "web browsing", unknown, etc.  Examples:

KaKaoTalk (ports 80 and 443) which is enabled, does not work

Guild Wars (6112, 6600 and 80) 6112 shows up as unknown-tcp, 6600

Battle.net (80 and 1119) port 1119 shows up as uknown-tcp and "web browsing".

Any suggestions on why?  How can I got about fixing them?  etc.

Thanks

Bob

4 REPLIES 4

L6 Presenter

Are any of these using SSL/HTTPS? And if so, did you enable SSL-termination (SSL-decrypt) in your PA box?

L0 Member

I spent several hours making a lot of changes but what i found that works is making sure that in your policy that "Service/URL Catagory" is setup to be any/any.  the setting "Application Default" ends up blocking the initial connection to the patch servers from the battle.net app.

Cyber Elite
Cyber Elite

Hello,

This is where things get confusing and complicated. Lets take battle.net as an example.

First go to https://applipedia.paloaltonetworks.com/

This lists all the applications the PAN knows etc.

Search for battle.net and click on the name.

 

Here is the important part to look for:

"Depends on Applications" and "Standard Ports"

OtakarKlier_0-1712264128496.png

 

So if we are just creating a policy to allow battle.net, it should look something like:

Applications: battle.net, web-browsing, ssl (its not listed but maybe required due to port 443)

Service: http, https, and might need to create a custom one for 1119.

 

I hope this makes sense. Please let us know if you have additional follow up questions.

 

Regards,

 

If love it that worked alone but there are some initial p2p connections that aren't categorized as such.  I went so far as to put the machine in a dmz with a policy allowing everything and still didn't work until I changed application-default to "any" and then the connections to the installer patch server were no problem.

 

I believe this is an issue with the battle net installer and not with the firewall but workarounds are there for us poor unfortunate souls who have to deal with this stuff.

 

I couldn't find anywhere in the logs that would point me to this change, I was just turning off security policy items one by one till it worked.

  • 3928 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!