Issues with service and applications in rules

Showing results for 
Search instead for 
Did you mean: 

Issues with service and applications in rules

L2 Linker

Is or has anyone else had the problem with applications and services being ignored in rules? I have had an issue from all version from 7.0 to 8.1. I have stopped using applications in rules all together because it will not identify the application and instead mark it as "not-applicable". I have the problem with services as well. For example I will create a rule and everything is 100% correct and I will add the service UDP 137 to the rule instead of netbios and it will still drop the **bleep** traffic. What good is a firewall if it doesnt allow the services you tell it to? I cant allow any any any on rules. This is becomming very frustrating. 


L5 Sessionator

You're doing something very wrong. Applications and services (and combination of both) in rules work perfectly. 

Can you share some examples?

I promise this is not me. I have had this issue for a while now over several versions. I will create a rule 100% correct source and destination zones and addresses. I will first create the rule using an application for example dns. If the Palo is unable to determine the application it will identify as "incomplete" or "not-applicable" and will drop the dns traffic. So I will create a rule under it I will remove the application and I will create a new service or use an existing one. For dns I will add TCP and UDP 53. I will then push the config. Traffic still gets dropped. This doesnt happen all the time but enough so its a problem. 

Hi @scottoliver


As @santonic already wrote there is probably something wrong in you är config (even if you promise that it isn't your fault 😛   ). Application incomplete could also have (many) other reasons that the firewall not working properly. Could you share screenshots of the security policy and of a working and nit working connection in your log? Additionally may I ask what PAN-OS version and app version do you have installed?

Can you please post a DNS rule and a detailed log entry of a traffic dropped. 

HAve you got any rules further up the chain that block?


Try your new rule right at the top of the chain instead.


Were you able to solve the issue?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!