Github over 443? How do I allow on specific policy?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Github over 443? How do I allow on specific policy?

L4 Transporter

We have a specific rule to allow github based on PAN EDL of github v4/v6 addresses.  Git works over port 22 but not over 443 with the policy below.  I want to allow git over 443 on the policy below but not clear on the best way to do it.   Do I need to specify service as ports 22 and 443?  

 

drewdown_0-1716298330250.png

 

2 REPLIES 2

L6 Presenter

@drewdown wrote:

We have a specific rule to allow github based on PAN EDL of github v4/v6 addresses.  Git works over port 22 but not over 443 with the policy below.  I want to allow git over 443 on the policy below but not clear on the best way to do it.   Do I need to specify service as ports 22 and 443?  

 

drewdown_0-1716298330250.png

 


Your screenshot is calling out to unique "git" applications.  You have the "parent" for github, but are using a subordinate app for "git" not sure if that's something you intended?  Your rule looks right, but I'm not certain how those EDLs correlate to the Apps you're calling out.

 

The one thing to mention if that you probably need SSL decrypt for this rule to work correctly.

 

Brandon_Wertz_0-1716305756095.png

 

L4 Transporter

Yeah the reason git-base is there because PAN-OS was telling me one of the applications I am allowing is based on it so I added thinking it would allow it over 443.  It did not. 

 

drewdown_0-1716307046936.png

 

In the end I specified service over ports 80/22/443 and it appears to be working over 443 now.   My assumption is that it will allow those applications over those ports to those destination IPs.  We don't decrypt so I believe this is the only way to do this correctly.  

 

drewdown_1-1716307076270.png

 

  • 789 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!