Basic question regarding policy


L2 Linker

Just trying to understand the policy a bit more.

Under the policy | application, if I select FTP and select http/s under the service, I assume the FW is expecting FTP to run on port 80/443?

Hence, if I select app default on services, it will then expect the FTP traffic on port 21?

What I was looking into was allowing ftp/http/s. I ended up creating 2 policies for this:

1. With http/s under services, without applications selected.

2. Application selected ftp, and under services I chose app default.

I guess my thinking is ok?

Thanks a lot

 

 

 

 

Accepted Solutions

Cyber Elite

Hello,

Your logic is sound with regards to the Applications and Services (ports). You can do it with two policies or with one:

1. Select FTP as the application and http/https as services (this will allow the FTP application over ports 80, 443), then a second policy with FTP as the application and services as application default.

2. Select FTP as the application, then http/https and port 21 as a service (can't recall if there is a 21 by default, so you might have to add it).

 

Your choice.

 


Thank you Otakarklier, can you also explain the relationship between "Application & Service/URL"?

If I select Application => "any" and select Service/URL => http/https, my traffic seems to drop to Google or Facebook.

If I add web-browsing under the application, this will not work either, only if I select application-default under Service/URL.

What I am trying to get done is to allow http/https from inside to outside, but it needs to be http/https using a browser; others get blocked.

Any idea how to achieve this without using "any" in the rule set?

Much appreciated

 

 

 

Ignore the above pls, I just forgot to allow DNS 🙂
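
An added example, not part of the thread and not Palo Alto Networks code: a simplified Python model of how a rule's Application and Service fields combine, covering the rule choices discussed in the accepted answer and the missing DNS rule from the follow-up. The rule names, the default-port table and the assumption that the application is already identified are illustrative.

```python
# Simplified model of security-rule matching: first match wins, top-down.
# Assumptions: the application is already identified (real App-ID needs a few
# packets), traffic crosses zones so unmatched sessions are denied, and the
# default-port table is illustrative, not the firewall's application database.
DEFAULT_PORTS = {
    "ftp": {("tcp", 21)},
    "web-browsing": {("tcp", 80)},
    "ssl": {("tcp", 443)},
    "dns": {("tcp", 53), ("udp", 53)},
}
HTTP_HTTPS = {("tcp", 80), ("tcp", 443)}  # stands in for the http/https services


def rule_matches(rule, app, proto, port):
    """A rule matches only if BOTH the application and the service match."""
    app_ok = rule["apps"] == "any" or app in rule["apps"]
    if rule["services"] == "application-default":
        svc_ok = (proto, port) in DEFAULT_PORTS.get(app, set())
    else:
        svc_ok = rule["services"] == "any" or (proto, port) in rule["services"]
    return app_ok and svc_ok


def evaluate(rulebase, app, proto, port):
    """Return (action, rule name) for a session; unmatched traffic is denied."""
    for rule in rulebase:
        if rule_matches(rule, app, proto, port):
            return rule["action"], rule["name"]
    return "deny", "implicit-deny"


# Constructed rulebases (hypothetical rule names).
ONE_RULE = [{"name": "ftp-on-web-ports", "apps": {"ftp"},
             "services": HTTP_HTTPS, "action": "allow"}]
TWO_RULES = [
    {"name": "web-by-port", "apps": "any", "services": HTTP_HTTPS,
     "action": "allow"},
    {"name": "ftp-default", "apps": {"ftp"},
     "services": "application-default", "action": "allow"},
]
WITH_DNS = TWO_RULES + [{"name": "dns-default", "apps": {"dns"},
                         "services": "application-default", "action": "allow"}]

if __name__ == "__main__":
    for name, rb in [("one", ONE_RULE), ("two", TWO_RULES), ("dns", WITH_DNS)]:
        for s in [("ftp", "tcp", 21), ("ftp", "tcp", 80), ("dns", "udp", 53)]:
            print(name, s, evaluate(rb, *s))
```

In this model the port-only rule (`web-by-port`) also admits FTP on tcp/80, because a rule with application "any" matches whatever application runs on the listed ports.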
