This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Applications not being identified correctly

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Applications not being identified correctly

BobW
L4 Transporter

‎01-13-2013 05:13 PM

I am running into a  number of situations where the applications are not being identified correctly and thus not working.  I can see that the applications is using the correct port, but the PA shows it is "web browsing", unknown, etc.  Examples:

KaKaoTalk (ports 80 and 443) which is enabled, does not work

Guild Wars (6112, 6600 and 80) 6112 shows up as unknown-tcp, 6600

Battle.net (80 and 1119) port 1119 shows up as uknown-tcp and "web browsing".

Any suggestions on why?  How can I got about fixing them?  etc.

Thanks

Bob

Labels:
0 Likes Likes
4 REPLIES 4

mikand
L6 Presenter

‎01-14-2013 02:25 AM

Are any of these using SSL/HTTPS? And if so, did you enable SSL-termination (SSL-decrypt) in your PA box?

0 Likes Likes

NikGore
L0 Member

‎04-04-2024 08:09 AM

I spent several hours making a lot of changes but what i found that works is making sure that in your policy that "Service/URL Catagory" is setup to be any/any.  the setting "Application Default" ends up blocking the initial connection to the patch servers from the battle.net app.

0 Likes Likes

OtakarKlier
Cyber Elite
Cyber Elite

‎04-04-2024 01:57 PM

Hello,

This is where things get confusing and complicated. Lets take battle.net as an example.

First go to https://applipedia.paloaltonetworks.com/

This lists all the applications the PAN knows etc.

Search for battle.net and click on the name.

 

Here is the important part to look for:

"Depends on Applications" and "Standard Ports"

OtakarKlier_0-1712264128496.png

 

So if we are just creating a policy to allow battle.net, it should look something like:

Applications: battle.net, web-browsing, ssl (its not listed but maybe required due to port 443)

Service: http, https, and might need to create a custom one for 1119.

 

I hope this makes sense. Please let us know if you have additional follow up questions.

 

Regards,

 

0 Likes Likes

NikGore
L0 Member
In response to OtakarKlier

‎04-04-2024 03:42 PM

If love it that worked alone but there are some initial p2p connections that aren't categorized as such.  I went so far as to put the machine in a dmz with a policy allowing everything and still didn't work until I changed application-default to "any" and then the connections to the installer patch server were no problem.

 

I believe this is an issue with the battle net installer and not with the firewall but workarounds are there for us poor unfortunate souls who have to deal with this stuff.

 

I couldn't find anywhere in the logs that would point me to this change, I was just turning off security policy items one by one till it worked.

0 Likes Likes
  • 2091 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks