HL7 Traffic / Unknown-TCP traffic gets denied.

Showing results for 
Search instead for 
Did you mean: 

HL7 Traffic / Unknown-TCP traffic gets denied.

L3 Networker

We are standing up some new PA firewalls and have been testing with some HL7 servers.  Testing has been going well until recently where "unknown-tcp" traffic gets denied.  It seems that it only happens when the transfer of a specific file/message is being transferred.  

I spoke with our the HL7 Interface/Server guy and he shared this bit with me..

"HL7, most if not about all, messages begin with the “MSH” segment, Message Header.

These files, the HGS Meditech Lab Charge files, are in an HL7 batch.

The first segment is “FHS” – File Header, the BHS – Batch, then MSH and all the data.

So it is a “Batched” HL7 file, first time in 20+ years of doing this that I run across a charge file like this."

I got around the issue by creating a security policy allow "unknown-tcp" between the two specific servers but is that the only solution? 




Thanks guys, cant believe it's been two years since I last checked up on this post.  I will have to check up on the policy to see if we still have unkown-tcp traffic hitting the policy.

L1 Bithead

I know this is an old thread but just to tie the knot on this, there was a bug ID assigned for this issue (PAN-60414) and the fix for it was released on v7.1.13 and later versions/releases. https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-release-notes/pan-os-7-1-addressed-issues/pan-os... Also, the content update (version 8164) has modified HL7 app-ID for recategorization.   


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!