04-27-2020 02:21 PM
Hi Guys,
I am new to Palo Alto. I recently joined the firm and they are using an any/any policy from Internal to Public and from Internal to the WAN zone. My task is to identify the ports which are being used and apply the ACL.
My question to experts is how to find out which ports are being used and how should I apply this ACL on PAN.
I have a little idea that I can check ports under the Traffic tab and need to create a service object to apply on the zones.
Guys please suggest me the best approach and guide me on how I should achieve this goal.
Thanks
04-27-2020 07:11 PM
You shouldn't be looking at building out a port list; you should be looking at seeing what applications are being identified. Identify the applications that you are seeing come across the firewall and whether or not they should be allowed, and build out exceptions for any application that isn't being properly identified.
A couple notes:
- It's easiest if you simply build out two application-groups for sanctioned and unsanctioned applications.
- Your setup doesn't sound like they've done anything outside of just installing this box. Look at following the published best-practices and actually using your NGFW to its capabilities.
04-28-2020 08:18 AM
If you're running 9.0 code, you can use the Policy Optimizer to help you identify what applications are currently being seen on the existing rule. It will easily allow you to apply just these apps to the rule, or clone a new rule with the selected applications.
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/app-id-features/policy-optimizer.ht...
Custom reports would also be very helpful to you. You can build and save report queries with all kinds of different options to pull info from the logs, and organize it into convenient summaries.
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/monitoring/view-and-manage-reports/custom-...
05-14-2020 07:14 AM
Thank you for your response, guys.
05-20-2020 07:42 PM
Hi @OwenFuller, we are using PAN-OS 8 and are not going to be on 9 soon. I configured NetFlow and I can see which ports are being used. Some of the applications in my flow analysis are showing as an unknown app because my org is using some non-standard ports, but I can find those ports under the Traffic log on PAN. My question is, is it possible to use an application and a service object (where I am going to add the ports) together in a zone policy? We have 3 zones: Pub, Inside and WAN. What do you suggest, how should I proceed?
05-20-2020 07:52 PM
Yes, you can use “any” app with a particular service port instead of a pre-defined app. Another option is to define a custom application based on the ports used. I would also check the Monitor tab to see how Palo identifies the applications, and adjust your security policies accordingly.
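As an added example (not from this thread and not Palo Alto Networks' own tooling), a short script that takes a Traffic log CSV export and tallies application and destination port per zone pair, separating out the flows App-ID reported as unknown-tcp/unknown-udp, since those are the ports the replies above suggest covering with a custom application or an "any" app plus service object. The column names are assumed from a typical export (adjust them to your PAN-OS version) and the log rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of a PAN-OS Traffic log CSV export. Column names are an
# assumption based on a typical export; check them against your own file.
SAMPLE_LOG = """\
Source Zone,Destination Zone,Application,IP Protocol,Destination Port,Action
Inside,Pub,web-browsing,tcp,80,allow
Inside,Pub,ssl,tcp,443,allow
Inside,WAN,unknown-tcp,tcp,8443,allow
Inside,WAN,unknown-tcp,tcp,8443,allow
Inside,WAN,unknown-udp,udp,5060,allow
Inside,Pub,dns,udp,53,allow
Pub,Inside,ssh,tcp,2222,allow
"""

# App-ID names that mean the firewall could not classify the session.
UNKNOWN_APPS = {"unknown-tcp", "unknown-udp", "incomplete", "insufficient-data"}


def summarize(csv_text):
    """Count (application, proto/port) hits for every source->destination zone pair."""
    per_pair = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        pair = (row["Source Zone"], row["Destination Zone"])
        service = f'{row["IP Protocol"]}/{row["Destination Port"]}'
        per_pair[pair][(row["Application"], service)] += 1
    return per_pair


def unknown_ports(per_pair):
    """Return {zone pair: {proto/port: hits}} for sessions App-ID left unclassified.

    These are the candidates for a custom application or an 'any' app + service
    rule; everything else can be allowed by application in an application-group."""
    out = {}
    for pair, counter in per_pair.items():
        hits = Counter()
        for (app, service), n in counter.items():
            if app in UNKNOWN_APPS:
                hits[service] += n
        if hits:
            out[pair] = dict(hits)
    return out


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for pair, counter in sorted(summary.items()):
        print(f"{pair[0]} -> {pair[1]}")
        for (app, service), n in counter.most_common():
            print(f"  {app:16} {service:10} {n}")
    print("Unclassified ports needing a custom app or service object:", unknown_ports(summary))
```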