PA Default Behaviour for un-matched UDP traffic?

Hello,

I am pretty new to PA firewalls, and started looking at the default firewall behaviour for various kinds of traffic.

Hence I wanted to know what happens when PA sees unmatched UDP traffic, say a DNS reply, from outside for which it doesn't have a DNS request recorded from the inside? Does it drop the incoming DNS reply or does it allow it?

I have been searching the internet for a while now, but couldn't get the correct answer to this question, any help appreciated :)

Thanks,

Fatema. 

12 REPLIES

Correct, but PA will not classify the traffic as "unknown-udp" as an application. It will be a simple traffic drop, as the traffic is trying to access from outside to inside without any session match.

Alrighty, PA should document those corner cases somewhere, as it becomes difficult for newbies like me to understand the default PA behavior (or it can be just common sense that I could be missing :) )

Thank you TraceforLife and Brad for quick responses and explanations.

Appreciate it!

Here's some documentation :) Pro-Tips: Unknown Applications

Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN