Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Applications On Non-Standard Ports

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Applications On Non-Standard Ports

L2 Linker

It's perfectly possible I'm being unusually dumb here, but I can't see an elegant way of allowing application usage on non-standard ports - for example ssh on tcp/32777. The obvious way of doing it is to allow a rule that allows appid:ssh on service:ssh-ports (being a service group consisting of tcp/22 and tcp/32777). 

 

That works fine, but is rather clumsy when you have a rule that has thousands of applications with service set to "application default" (you end up with dozens of rules to cope with all the non-standard ports).

 

I looked to see if you can change the 'application-default' for an application to add custom port numbers.

 

I've tried creating a custom application which is tcp/32777 and a parent application of 'ssh'. Doesn't seem to work.

 

Am I missing something obvious? Or am I not trying hard enough with the custom application rule?

1 accepted solution

Accepted Solutions

L4 Transporter

Hi Mike,

 

I think the best thing to do in this situation, if you want to allow non-standard ports, is to create separate rules for them so you allow SSH & service tcp 32777. You can apply content-ID & user-ID to make sure the traffic isn't dodgy (as long as decryption is enabled for SSH) and lock down the users so that only the required people can use this port for SSH.

 

hope this helps!

Ben

 

View solution in original post

3 REPLIES 3

L4 Transporter

Hi Mike,

 

I think the best thing to do in this situation, if you want to allow non-standard ports, is to create separate rules for them so you allow SSH & service tcp 32777. You can apply content-ID & user-ID to make sure the traffic isn't dodgy (as long as decryption is enabled for SSH) and lock down the users so that only the required people can use this port for SSH.

 

hope this helps!

Ben

 

L3 Networker

> I agree with bmorris1 and I don't think you will be able to add the custom app as a part of application-default group

L2 Linker

Thanks.

 

That's pretty much the solution I've used. I just wanted to know if I was missing something obvious.

  • 1 accepted solution
  • 4844 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!