Discuss about a question in ACE



L1 Bithead

Hi,

I got a question from ACE and answered it there, but the answer was incorrect.

Question.png

I don't know why. Can anyone explain this question? Please!

Thanks,

Thong.


L1 Bithead

Hello,

Can anybody help me?

Thanks.

L7 Applicator

Hello ThongPD,

As per my understanding, the answer will be

1. Bittorrent traffic will be allowed.

2. SSH traffic will be denied by the device.

Explanation:

1. The Palo Alto App-ID feature will identify the application after a few transactions (after the TCP 3-way handshake, it will observe a few packets to identify the application based on the App-ID signature), hence SSH and bittorrent traffic will never hit the first security rule.

2. Once the application is identified as "Bittorrent", the service "any" will allow that traffic on any non-standard port.

3. After identifying the application SSH, the service "application-default" will not allow the SSH application on any port apart from the default port 22. Hence SSH on port 3333 will be dropped by the firewall.

Hope this helps.

Thanks

L5 Sessionator

Hi,

No reason for the ssh connection not to match the last rule ... and to be allowed.

As ssh is not running on its normal port, it will not match the 2nd rule (for me, service is part of the trigger that decides whether traffic matches the rule or not).

V.

Hello ThongPD,

Apologies for the confusion. I have tested this in my lab and the result agrees with Vince's comments. SSH should be allowed through the last rule.

Thanks
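As an added example (not from the thread, and not Palo Alto Networks' code), here is a small Python model of the first-match policy evaluation the replies describe: App-ID first identifies the application, then the rule's `service` is compared against that application's default ports. The rule set, the flows and the default-port table are constructed and simplified; real App-ID default ports and the real ACE question may differ.

```python
from dataclasses import dataclass
from typing import Union, Set, Tuple, List

Port = Tuple[str, int]  # (protocol, port)

# Constructed, simplified subset of App-ID default ports (assumption, not the full table).
APP_DEFAULT_PORTS = {
    "ssh": {("tcp", 22)},
    "bittorrent": {("tcp", p) for p in range(6881, 6890)},
}

@dataclass
class Rule:
    name: str
    application: str                       # "any" or an App-ID name
    service: Union[str, Set[Port]]         # "any", "application-default", or explicit ports
    action: str                            # "allow" or "deny"

@dataclass
class Flow:
    application: str   # what App-ID identified after inspecting the first packets
    proto: str
    port: int

def service_matches(rule: Rule, flow: Flow) -> bool:
    """application-default only matches the identified app's own default ports."""
    if rule.service == "any":
        return True
    if rule.service == "application-default":
        return (flow.proto, flow.port) in APP_DEFAULT_PORTS.get(flow.application, set())
    return (flow.proto, flow.port) in rule.service

def match_policy(rules: List[Rule], flow: Flow) -> Tuple[str, str]:
    """First rule whose application AND service both match wins; otherwise the
    implicit interzone-default rule denies the session."""
    for rule in rules:
        if rule.application not in ("any", flow.application):
            continue
        if not service_matches(rule, flow):
            continue
        return rule.name, rule.action
    return "interzone-default", "deny"

# Constructed policy in the spirit of the thread: SSH restricted to its default port,
# BitTorrent allowed on any port, and a permissive catch-all as the last rule.
POLICY = [
    Rule("allow-ssh", "ssh", "application-default", "allow"),
    Rule("allow-bittorrent", "bittorrent", "any", "allow"),
    Rule("allow-rest", "any", "any", "allow"),
]
```

Dropping the last rule from `POLICY` makes SSH on tcp/3333 fall through to the implicit deny, which is the difference between the two answers given in the thread.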
