07-22-2025 08:54 AM
Hello,
Seeing some traffic for Unknown-tcp using port 31200. I'm in the process of refining our firewall rules to be more granular and for this current rule has an any app on any service applied with no restrictions. Trying to see what I can create for this particular traffic in a separate rule.
Is there a way to determine what this is exactly? Or ideas on how to add this traffic to a new rule without causing issues? It is allowed traffic as it stands in the general rule we have.
Thank you for any insights/help!
07-23-2025 11:47 AM
Hi @JasonFerris ,
That looks like it might be a non-standard port used by internal/custom apps. I would take a look at the source and destination IP addresses then reaching out to the developers or app owners responsible for those systems. They will likely have the best insight onto what application is running on that port. Once identified and you understand the traffic traversing your firewall, you can consider creating a security policy with a custom App-ID.
Now if you want to safely clean up this policy in the mean time, you can create a security policy above the any-any rule that you have. In this new rule, set the service port to tcp 31200 and leave the application as any.
Hope this helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
