Best Practice: Allowing a known application together with a custom service.



Let's say we have 2 zones separated by our PA firewall, Zone A and Zone B. Traffic between Zone A and Zone B is only allowed for some applications/services from dedicated devices in Zone A to dedicated devices in Zone B.


We have a custom Service which uses TCP port 7777 named CustomService1.


Device 1 in Zone A needs to access Device 2 in Zone B on our custom service AND by https. Is this possible in 1 rule?

Or do we need to configure this like:


rule 1 = zone: Zone A | Address: Device 1 | zone: Zone B | Address: Device 2 | Application: web-browsing | Service: application defaults | action: Allow

rule 2 = zone: Zone A | Address: Device 1 | zone: Zone B | Address: Device 2 | Application: any | Service: CustomService1 | action: Allow


2 REPLIES

L3 Networker

2 rules is going to be an OR.  If you want it to match an application & port, they need to be within the same rule.  Everything you match on in the same rule is an AND.


If you do those 2 separate rules, it's going to allow ALL web browsing traffic on its default ports (80/443) as well as allow all traffic, web browsing or not, over tcp port 7777.  You could test the single rule requiring both app web-browsing/ssl & your custom service.
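To make the AND-within-a-rule versus OR-across-rules point concrete, here is an added example (not from this thread or from Palo Alto Networks) that models first-match security-policy evaluation in Python and runs the two-rule policy from the question and the single combined rule from the reply over constructed flows. The App-ID names, the default-port table and the flow tuples are assumptions for illustration, not firewall data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    src: str
    dst: str
    app: str      # App-ID the firewall identified for the session
    dport: int    # destination TCP port

@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str
    to_zone: str
    src: str
    dst: str
    apps: frozenset    # {"any"} or a set of App-IDs
    ports: frozenset   # {"application-default"} or a set of TCP ports
    action: str = "allow"

# Constructed default-port table (assumption); the reply quotes 80/443 for web browsing.
APP_DEFAULT_PORTS = {"web-browsing": {80, 443}, "ssl": {443}}

def rule_matches(rule, flow):
    """All match criteria of one rule must hold at once (AND)."""
    if (rule.from_zone, rule.to_zone, rule.src, rule.dst) != (
            flow.src_zone, flow.dst_zone, flow.src, flow.dst):
        return False
    if "any" not in rule.apps and flow.app not in rule.apps:
        return False
    if "application-default" in rule.ports:
        return flow.dport in APP_DEFAULT_PORTS.get(flow.app, set())
    return flow.dport in rule.ports

def evaluate(policy, flow):
    """Rules are checked top-down; the first match wins (OR across rules)."""
    for rule in policy:
        if rule_matches(rule, flow):
            return rule.action
    return "deny"   # nothing matched: the interzone default denies

# The two rules from the question, and the single rule the reply suggests.
A, B, D1, D2 = "Zone A", "Zone B", "Device 1", "Device 2"
TWO_RULES = [
    Rule("rule 1", A, B, D1, D2, frozenset({"web-browsing"}), frozenset({"application-default"})),
    Rule("rule 2", A, B, D1, D2, frozenset({"any"}), frozenset({7777})),
]
ONE_RULE = [Rule("combined", A, B, D1, D2, frozenset({"web-browsing", "ssl"}), frozenset({7777}))]

if __name__ == "__main__":
    for app, port in [("web-browsing", 80), ("web-browsing", 7777), ("unknown-tcp", 7777)]:
        f = Flow(A, B, D1, D2, app, port)
        print(f"{app:>12} on tcp/{port}: two rules -> {evaluate(TWO_RULES, f)}, one rule -> {evaluate(ONE_RULE, f)}")
```

Running it shows the difference the reply describes: the two-rule policy lets an unidentified application through on tcp/7777, while the combined rule only passes web-browsing/ssl on that port (and, being an AND, no longer matches ssl on 443).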

Community Team Member

Hi @jeroenverstraeten,


Yes, you can combine applications with non-standard ports in one single rule:

What-s-a-service-anyway


Cheers!

-Kiwi.
