Layer 7 protection with custom service (port)?


L0 Member

I'm having a discussion with my firewall engineer about rules in the PA5020.  If I define an application to be used, say SSL, and I want to run that on a random port, say 8443.  When I define that port (service) 8443 and choose the Application 'ssl', does that rule say that I can run SSL over port 8443 OR does that rule say I can run any application over 8443?

It seems to me that it would be I can run SSL over 8443 and ONLY SSL. If it was mutually exclusive, wouldn't PA just grey out the application selection when a custom port was chosen?

Thanks for clearing up this disagreement.  🙂

2 REPLIES

L4 Transporter

cgolden07 wrote:

I'm having a discussion with my firewall engineer about rules in the PA5020.  If I define an application to be used, say SSL, and I want to run that on a random port, say 8443.  When I define that port (service) 8443 and choose the Application 'ssl', does that rule say that I can run SSL over port 8443 OR does that rule say I can run any application over 8443?

The above quote has been my experience with PA... when you define a specific App-ID and a specific port, that means that App-ID can only run on that specific port instead of "application default".

L5 Sessionator

Application and service ports have an 'AND' operation - in your case, traffic which is ssl over port 8443 (only) will be allowed.
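The AND behaviour described in the replies above, as an added example that is not part of the original thread: a simplified Python model (not PAN-OS code) that evaluates constructed sessions against the rule from the question and two contrasting rules. The rule names, the default-port table and the first-match/deny-on-no-match evaluation are assumptions made for illustration.

```python
# Simplified model of how a rule's application and service fields combine.
# Not PAN-OS code: rule names and the default-port table are assumptions.
from dataclasses import dataclass

# Assumed default ports per application, used only for "application-default".
APP_DEFAULT_PORTS = {"ssl": {443}, "web-browsing": {80}}


@dataclass(frozen=True)
class Rule:
    name: str
    applications: frozenset  # application names, or {"any"}
    service: object          # "any", "application-default", or a set of TCP ports


def app_matches(rule, app):
    return "any" in rule.applications or app in rule.applications


def service_matches(rule, app, port):
    if rule.service == "any":
        return True
    if rule.service == "application-default":
        # Only the identified application's own default ports qualify.
        return port in APP_DEFAULT_PORTS.get(app, set())
    return port in rule.service


def evaluate(rules, app, port):
    """Return the first rule whose application AND service both match."""
    for rule in rules:
        if app_matches(rule, app) and service_matches(rule, app, port):
            return rule.name
    return "deny"  # no rule matched


# The rule from the question: application 'ssl' with custom service tcp/8443.
SSL_ON_8443 = [Rule("ssl-8443", frozenset({"ssl"}), frozenset({8443}))]
# Contrast: same application, service left at application-default.
SSL_DEFAULT = [Rule("ssl-default", frozenset({"ssl"}), "application-default")]
# Contrast: a port-only rule, which is what "any application over 8443" needs.
ANY_ON_8443 = [Rule("any-8443", frozenset({"any"}), frozenset({8443}))]

if __name__ == "__main__":
    sessions = [("ssl", 8443), ("ssl", 443), ("web-browsing", 8443)]  # constructed
    for policy in (SSL_ON_8443, SSL_DEFAULT, ANY_ON_8443):
        for app, port in sessions:
            print(policy[0].name, app, port, "->", evaluate(policy, app, port))
```

Only the port-only rule lets a non-SSL application through on 8443, which is the distinction the original question was asking about.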
