08-15-2018 03:23 PM
Has anyone else had the problem with applications and services being ignored in rules? I have had an issue with all versions from 7.0 to 8.1. I have stopped using applications in rules altogether because it will not identify the application and instead marks it as "not-applicable". I have the problem with services as well. For example, I will create a rule and everything is 100% correct, and I will add the service UDP 137 to the rule instead of netbios, and it will still drop the **bleep** traffic. What good is a firewall if it doesn't allow the services you tell it to? I can't allow any any any on rules. This is becoming very frustrating.
08-16-2018 05:49 AM - edited 08-16-2018 05:50 AM
You're doing something very wrong. Applications and services (and combination of both) in rules work perfectly.
Can you share some examples?
08-18-2018 06:15 PM
I promise this is not me. I have had this issue for a while now over several versions. I will create a rule with 100% correct source and destination zones and addresses. I will first create the rule using an application, for example dns. If the Palo is unable to determine the application, it will identify it as "incomplete" or "not-applicable" and will drop the dns traffic. So I will create a rule under it, remove the application, and create a new service or use an existing one. For dns I will add TCP and UDP 53. I will then push the config. Traffic still gets dropped. This doesn't happen all the time, but enough so it's a problem.
08-19-2018 03:57 AM
Hi @scottoliver
As @santonic already wrote, there is probably something wrong in your config (even if you promise that it isn't your fault 😛 ). Application incomplete could also have (many) other reasons than the firewall not working properly. Could you share screenshots of the security policy and of a working and a not working connection in your log? Additionally, may I ask what PAN-OS version and app version you have installed?
08-19-2018 10:36 PM
Can you please post a DNS rule and a detailed log entry of the dropped traffic?
08-20-2018 01:23 AM
Have you got any rules further up the chain that block?
Try your new rule right at the top of the chain instead.
08-25-2018 02:52 PM
Were you able to solve the issue?