- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-02-2022 12:28 PM
Just trying to understand the policy a bit more.
under the policy | application, if I select FTP and select http/s under the service, I assume fw is expecting FTP to run on port 80/443?
hence, if I select app default on services, it will then expect the ftp traffic on port 21?
what I was looking into allow ftp/http/s. I end up creating 2 policies for this, 1. with http/s under services without applications selected
2. application selected ftp and under services, I chose app default.
I guess my thinking is ok?
thank a lot
12-02-2022 12:56 PM
Hello,
You logic is sound with regards to the Applications and Services (ports). You can do it with two policies or with one:
1. Select FTP as application and http/https as services ( this will allow the FTP application over ports 80,443), then second policy as FTP application and services as application default.
2. Select FTP as the application, then http/https and port 21 as a service, ( cant recall if there is a 21 by default, so you might have to add it)
Your choice.
12-02-2022 12:56 PM
Hello,
You logic is sound with regards to the Applications and Services (ports). You can do it with two policies or with one:
1. Select FTP as application and http/https as services ( this will allow the FTP application over ports 80,443), then second policy as FTP application and services as application default.
2. Select FTP as the application, then http/https and port 21 as a service, ( cant recall if there is a 21 by default, so you might have to add it)
Your choice.
12-05-2022 10:57 AM
Thak you Otakarklier, can you also explain the relationship between "application & Service/URL"
if I select Application = > "any" and select Service/URL => http/https, my traffic seems to drop to google or Facebook.
if I add web-browsing under the application, this will not work either, only if I select addplication-default under Service/URL
what I am trying to get done is to allow http/https from inside to outside. but it needs to be http/https using browser others get blocked
any idea how to achieve this without using "any" in the rule set
much appreciated
12-05-2022 12:43 PM
Ignore the above pls, I just forgot to allow DNS 🙂
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!