We have a specific rule to allow github based on PAN EDL of github v4/v6 addresses. Git works over port 22 but not over 443 with the policy below. I want to allow git over 443 on the policy below but not clear on the best way to do it. Do I need to specify service as ports 22 and 443?
@drewdown wrote:
We have a specific rule to allow github based on PAN EDL of github v4/v6 addresses. Git works over port 22 but not over 443 with the policy below. I want to allow git over 443 on the policy below but not clear on the best way to do it. Do I need to specify service as ports 22 and 443?
Your screenshot is calling out to unique "git" applications. You have the "parent" for github, but are using a subordinate app for "git" not sure if that's something you intended? Your rule looks right, but I'm not certain how those EDLs correlate to the Apps you're calling out.
The one thing to mention if that you probably need SSL decrypt for this rule to work correctly.
Yeah the reason git-base is there because PAN-OS was telling me one of the applications I am allowing is based on it so I added thinking it would allow it over 443. It did not.
In the end I specified service over ports 80/22/443 and it appears to be working over 443 now. My assumption is that it will allow those applications over those ports to those destination IPs. We don't decrypt so I believe this is the only way to do this correctly.
