01-13-2013 05:13 PM
I am running into a number of situations where the applications are not being identified correctly and thus not working. I can see that the application is using the correct port, but the PA shows it is "web browsing", unknown, etc. Examples:
KaKaoTalk (ports 80 and 443) which is enabled, does not work
Guild Wars (6112, 6600 and 80) 6112 shows up as unknown-tcp, 6600
Battle.net (80 and 1119) port 1119 shows up as unknown-tcp and "web browsing".
Any suggestions on why? How can I go about fixing them? etc.
Thanks
Bob
04-04-2024 08:09 AM
I spent several hours making a lot of changes, but what I found that works is making sure that in your policy "Service/URL Category" is set up to be any/any. The setting "Application Default" ends up blocking the initial connection to the patch servers from the battle.net app.
04-04-2024 01:57 PM
Hello,
This is where things get confusing and complicated. Let's take battle.net as an example.
First go to https://applipedia.paloaltonetworks.com/
This lists all the applications the PAN knows etc.
Search for battle.net and click on the name.
Here is the important part to look for:
"Depends on Applications" and "Standard Ports"
So if we are just creating a policy to allow battle.net, it should look something like:
Applications: battle.net, web-browsing, ssl (it's not listed but may be required due to port 443)
Service: http, https, and might need to create a custom one for 1119.
I hope this makes sense. Please let us know if you have additional follow up questions.
Regards,
04-04-2024 03:42 PM
I'd love it if that worked alone, but there are some initial p2p connections that aren't categorized as such. I went so far as to put the machine in a DMZ with a policy allowing everything and it still didn't work until I changed application-default to "any", and then the connections to the installer patch server were no problem.
I believe this is an issue with the battle net installer and not with the firewall but workarounds are there for us poor unfortunate souls who have to deal with this stuff.
I couldn't find anywhere in the logs that would point me to this change, I was just turning off security policy items one by one till it worked.
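
Added example, not part of the thread and not Palo Alto tooling: one way to see from a traffic-log export which ports a client's denied or unidentified sessions used, so they can be compared with the application's "Standard Ports" rather than found by disabling rules one at a time. The CSV layout, column names, rule names and sample rows are constructed for illustration and are not the firewall's real export format.

```python
import csv
import io
from collections import Counter

# Constructed sample rows in a simplified CSV layout (column names are
# assumptions for this example, not the firewall's real export header).
SAMPLE_LOG = """\
src,dst,dport,proto,app,action,rule
10.0.0.5,198.51.100.10,80,tcp,web-browsing,allow,allow-games
10.0.0.5,198.51.100.10,443,tcp,ssl,allow,allow-games
10.0.0.5,198.51.100.20,1119,tcp,unknown-tcp,deny,default-deny
10.0.0.5,198.51.100.20,1119,tcp,unknown-tcp,deny,default-deny
10.0.0.5,198.51.100.30,6112,tcp,unknown-tcp,deny,default-deny
10.0.0.5,198.51.100.40,1119,tcp,battle.net,allow,allow-games
10.0.0.9,198.51.100.50,53,udp,dns,allow,allow-dns
"""

# Application labels that mean the traffic was not (or not yet) identified.
UNIDENTIFIED = {"unknown-tcp", "unknown-udp", "incomplete",
                "insufficient-data", "not-applicable"}


def triage(log_text, client_ip):
    """Count one client's flows that were denied or never identified,
    grouped by (proto, dport, app, action, rule), most frequent first."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["src"] != client_ip:
            continue
        if row["action"] != "allow" or row["app"] in UNIDENTIFIED:
            key = (row["proto"], int(row["dport"]), row["app"],
                   row["action"], row["rule"])
            hits[key] += 1
    return hits.most_common()


def candidate_services(log_text, client_ip):
    """Ports seen in denied/unidentified flows: the ones to check against the
    application's standard ports before adding a custom service object."""
    return sorted({key[:2] for key, _ in triage(log_text, client_ip)})


if __name__ == "__main__":
    for (proto, port, app, action, rule), n in triage(SAMPLE_LOG, "10.0.0.5"):
        print(f"{n:3d}  {proto}/{port:<5} app={app:<12} action={action:<5} rule={rule}")
    print("candidate service ports:", candidate_services(SAMPLE_LOG, "10.0.0.5"))
```
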