Looking for AppID's which uses a defined TCP Port

L2 Linker


Hello

Sometimes I just get the TCP ports for firewall configuration changes. Since the configuration on the Palo Alto should be based on App-IDs rather than TCP ports, is there a way to search for App-IDs which are using a defined TCP port (e.g. tcp-9000)?

Since every app has a "Standard Ports" attribute, the information is there, but it seems neither the firewall GUI itself nor Applipedia (http://apps.paloaltonetworks.com/applipedia/) supports such a filtering possibility. Is there another way?



All Replies
L4 Transporter

My guess is they use http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers for the well known and registered standard ports.

L6 Presenter

Sounds like a good feature request which you should contact your Sales rep about.

However, I have another opinion regarding how App-ID should be used. If your web server only listens on, let's say, TCP 80, I then see no reason why one would use "any" or "service-default" regarding ports (other than for a test or for protocols that use large port ranges).

My opinion is to set up the PAN as you would a regular SPI firewall, with the addition of selecting the proper App-ID for each flow. With the disclaimer that there are some special cases where "service-default" is handy.

One of the reasons is that in many cases the PAN must let one or more packets through the firewall before the App-ID can successfully be detected. This will, even if it's a small one, unnecessarily expose your resource to the surroundings.

L4 Transporter

Good one. Last year at one of the competitors' international get-togethers in Barcelona there was a technical talk, and they pointed out how risky it can be to allow inbound traffic based on App-ID... Usually it's a good idea to only allow inbound web traffic to your web servers on the standard application port, 80 for HTTP for example.

Might be a bit off topic though...

It surely would be nice to be able to look up the application's standard ports as per PAN's definition, if there is such a thing. There are apps that do not have standard ports, like Skype for example.
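The point made in the two posts above, that an inbound rule with service "any" or "service-default" leaves port control to App-ID, can be checked mechanically. The following is an added example, not code from the thread or from Palo Alto Networks: it walks a constructed rulebase whose XML layout is an assumption modelled on a PAN-OS security-rule export (zone, rule and service-object names are hypothetical) and flags allow rules that enter from an internet-facing zone without an explicit service object.

```python
"""Audit inbound security rules that leave port control to App-ID.

Added example, not code from the thread or from Palo Alto Networks. The
rulebase XML is constructed to resemble a PAN-OS security-rule export (an
assumption about its layout); zone, rule and service-object names are
hypothetical.
"""
import xml.etree.ElementTree as ET
from typing import List, Set, Tuple

# Assumption: these zones face the internet; an allow rule from one of them
# into any other zone is "inbound" in the sense used in the thread.
INTERNET_ZONES: Set[str] = {"untrust"}

# Constructed sample rulebase, not taken from a real firewall.
SAMPLE_RULEBASE = """
<rules>
  <entry name="inbound-web-pinned">
    <from><member>untrust</member></from>
    <to><member>dmz</member></to>
    <application><member>web-browsing</member></application>
    <service><member>svc-tcp-80</member></service>
    <action>allow</action>
  </entry>
  <entry name="inbound-web-any-port">
    <from><member>untrust</member></from>
    <to><member>dmz</member></to>
    <application><member>web-browsing</member></application>
    <service><member>any</member></service>
    <action>allow</action>
  </entry>
  <entry name="inbound-web-app-default">
    <from><member>untrust</member></from>
    <to><member>dmz</member></to>
    <application><member>web-browsing</member></application>
    <service><member>application-default</member></service>
    <action>allow</action>
  </entry>
  <entry name="outbound-web">
    <from><member>trust</member></from>
    <to><member>untrust</member></to>
    <application><member>web-browsing</member></application>
    <service><member>application-default</member></service>
    <action>allow</action>
  </entry>
  <entry name="inbound-block">
    <from><member>untrust</member></from>
    <to><member>dmz</member></to>
    <application><member>any</member></application>
    <service><member>any</member></service>
    <action>deny</action>
  </entry>
</rules>
"""


def _members(rule: ET.Element, path: str) -> Set[str]:
    """Collect the <member> texts under e.g. ./from or ./service."""
    return {m.text.strip() for m in rule.findall(f"./{path}/member") if m.text}


def audit_inbound_rules(xml_text: str,
                        internet_zones: Set[str] = INTERNET_ZONES) -> List[Tuple[str, str]]:
    """Return (rule name, finding) for every allow rule that comes in from an
    internet-facing zone and uses 'any' or 'application-default' as service.
    Rules with an explicit service object produce no finding."""
    findings: List[Tuple[str, str]] = []
    for rule in ET.fromstring(xml_text.strip()).findall("./entry"):
        name = rule.get("name", "?")
        action = (rule.findtext("action") or "").strip()
        src, dst = _members(rule, "from"), _members(rule, "to")
        inbound = bool(src & internet_zones) and bool(dst - internet_zones)
        if action != "allow" or not inbound:
            continue
        services = _members(rule, "service")
        if "any" in services:
            findings.append((name, "service 'any': every port is reachable "
                                   "until App-ID has classified the flow"))
        elif "application-default" in services:
            findings.append((name, "service 'application-default': allowed ports "
                                   "follow the app's standard-port list; pin an "
                                   "explicit service object for inbound rules"))
    return findings


if __name__ == "__main__":
    for rule_name, finding in audit_inbound_rules(SAMPLE_RULEBASE):
        print(f"{rule_name}: {finding}")
```

On the constructed rulebase only the two rules without an explicit service object are reported; the outbound rule and the deny rule are skipped, and the rule pinned to a service object passes. Whether "application-default" is acceptable for a given inbound rule is the judgement call the posts above discuss; the script only surfaces the rules where that call has to be made.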

L2 Linker

Looking at Wikipedia isn't always helpful. E.g. if you are looking to allow ICMP echo requests, the app name doesn't contain "icmp" or "echo"; it's the "ping" app.

So I am looking for TCP 9000. Wikipedia shows me three entries and the third one (SqueezeCenter) is the one I am looking for. Applipedia doesn't contain anything with "Squeeze", which leads me to the question: is this app supported, or does it just have a different name? It seems that without testing you will never find out.

L6 Presenter

So did you contact your sales rep yet to highlight this as a feature request?

L4 Transporter

From PAN-OS 4.1 onwards, the search box under Objects>Applications can be used to search for apps by port numbers. The Applipedia page on research center also supports search by ports.

L4 Transporter

I tried an Applipedia search and entered 53 in the search field. The result showed 22 apps... The search result showed not only exact matches but also every app that contains 53 e.g. 9053. Might need some improvement.

Not applicable

Try Applipedia for Android ;-)

Other than matching only the relevant entries, it will also match applications with default port ranges, e.g. udp/50-60.

Cheers from CH

L3 Networker

Try "tcp/53" or "udp/53" without the quotes in the search field. It doesn't seem to work on the Palo box itself under Objects > Applications, though.
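The last few posts describe what a useful port search has to get right: an exact match (so "53" does not also return an app on 9053), ranges (so udp/50-60 is found for port 53), and the "tcp/53" or "tcp-9000" query forms used in the thread. The following is an added example, not code from the thread, from Palo Alto Networks or from Applipedia: it implements that search over a constructed table of "Standard Ports" strings. The port notation it parses (proto/port, proto/lo-hi, proto/dynamic, comma-separated entries, a bare "icmp") is an assumption modelled on the strings quoted above, and the app names marked "-like" are hypothetical.

```python
"""Exact-match lookup of App-IDs by standard port.

Added example, not code from the thread, from Palo Alto Networks or from
Applipedia. The application table is constructed; the port notation
(proto/port, proto/lo-hi, proto/dynamic, comma-separated, a bare 'icmp') is
an assumption modelled on the strings quoted in the thread.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample of "Standard Ports" strings. Names ending in "-like"
# are hypothetical, not real App-IDs.
SAMPLE_APPS: Dict[str, str] = {
    "dns": "tcp/53,udp/53",
    "web-browsing": "tcp/80",
    "ssl": "tcp/443",
    "squeezecenter-like": "tcp/9000",
    "odd-app": "tcp/9053",                 # substring trap from the thread
    "range-app": "udp/50-60",              # range case from the thread
    "skype-like": "tcp/dynamic,udp/dynamic",  # no fixed standard port
    "ping": "icmp",
}

PortRange = Tuple[str, int, int]   # (protocol, lowest port, highest port)


def parse_standard_ports(spec: str) -> List[PortRange]:
    """'tcp/53,udp/50-60' -> [('tcp', 53, 53), ('udp', 50, 60)].
    A bare port after a comma inherits the previous protocol ('tcp/80,443').
    'dynamic' contributes no range; a protocol without ports (icmp) is kept
    as (proto, -1, -1) so that it never matches a numeric port."""
    ranges: List[PortRange] = []
    proto: Optional[str] = None
    for token in spec.split(","):
        token = token.strip().lower()
        if not token:
            continue
        if "/" in token:
            proto, ports = token.split("/", 1)
        elif token.isalpha():          # e.g. "icmp": protocol, no port
            proto, ports = token, None
        else:                          # bare port, inherit the protocol
            ports = token
        if proto is None:
            raise ValueError(f"port without protocol in {spec!r}")
        if ports is None:
            ranges.append((proto, -1, -1))
        elif ports == "dynamic":
            continue
        elif "-" in ports:
            lo, hi = (int(p) for p in ports.split("-", 1))
            ranges.append((proto, lo, hi))
        else:
            ranges.append((proto, int(ports), int(ports)))
    return ranges


def find_apps(port: int, proto: Optional[str] = None,
              apps: Dict[str, str] = SAMPLE_APPS) -> List[str]:
    """Apps whose standard ports cover `port` exactly, ranges included."""
    hits = []
    for name, spec in apps.items():
        for p, lo, hi in parse_standard_ports(spec):
            if (proto is None or p == proto) and lo <= port <= hi:
                hits.append(name)
                break
    return sorted(hits)


# Query forms used in the thread: "53", "tcp/53", "tcp-9000".
_QUERY = re.compile(r"^(?:(?P<proto>tcp|udp)[/-])?(?P<port>\d+)$")


def search(query: str, apps: Dict[str, str] = SAMPLE_APPS) -> List[str]:
    """Parse a port query with optional protocol and run the exact lookup."""
    m = _QUERY.match(query.strip().lower())
    if not m:
        raise ValueError(f"unrecognised query {query!r}")
    return find_apps(int(m.group("port")), m.group("proto"), apps)


def substring_search(query: str, apps: Dict[str, str] = SAMPLE_APPS) -> List[str]:
    """The naive match the thread complains about: '53' also finds 9053."""
    return sorted(name for name, spec in apps.items() if query in spec)


if __name__ == "__main__":
    for q in ("53", "tcp/53", "tcp-9000", "9053"):
        print(f"{q:>9}: exact {search(q)}  substring {substring_search(q.split('/')[-1].split('-')[-1])}")
```

Querying "53" returns dns and range-app (the udp/50-60 range covers it) but not the app on 9053, which the substring match still returns; "tcp/53" narrows the result to dns, and "tcp-9000" finds the single app with that standard port. Apps whose standard ports are "dynamic" never match a port query, which is the Skype case raised earlier in the thread.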
